/srv/irclogs.ubuntu.com/2022/01/27/#ubuntu-security.txt

=== robs is now known as robse
[13:08] <robse> Hello
[13:11] <robse> I'm on Ubuntu 18.04.5 LTS and my current linux-aws is 5.4.0.1063.45 that is affected by CVE-2022-0185. Even after apt-get update, I can't list the new linux-aws 5.4.0-1063.66
[13:11] <ubottu> ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0185>
[13:13] <robse> Any hint on this? I'm on AWS and I see that the package should be in security updates? https://launchpad.net/ubuntu/+source/linux-aws-5.4/5.4.0-1063.66~18.04.1
[13:40] <sdeziel> robse: linux-aws pulls linux-image-aws which currently pulls linux-image-5.4.0-1063-aws which has version 5.4.0-1063.66~18.04.1 which includes the CVE fix
[13:49] <robse> sdeziel: yeah, I sorted it out just now. Wondering why linux-aws itself is version 5.4.0.1063.45 and not .66, that confused me. Thank you
[20:20] <ZMoney> Hey everyone -- Quick question -- when a CVE page lists a *-esm patches package name, does that imply that the package is only available from ETS?  I'm looking at the 16.04 row here: https://ubuntu.com/security/CVE-2021-4034
[20:20] <ubottu> ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4034>
[20:20] <ZMoney> ^^^ I have the exact same package version installed from 16.04 LTS, but of course it doesn't have the -esm suffix. So does it have the patch? :)
[20:22] <ZMoney> `sudo apt list --installed | grep policykit` shows policykit-1/xenial-updates,xenial-security,now 0.105-14.1ubuntu0.5 amd64 [installed]
[20:31] <sarnold> ZMoney: correct, you've got to enroll your machine into ESM via ua attach in order to get the ESM updates
[20:32] <sarnold> ZMoney: usually debian packages have a changelog located in /usr/share/doc/<packagename>/changelog.Debian.gz -- there should be a "* SECURITY UPDATE:" entry, with the CVE number, when you've got an installed package. (with the caveats that if there weren't a cve number available, or the assignment changed, etc, after release, we won't re-release new packages just to update this)
[20:35] <ZMoney> ok thanks for that. And 16.04 no longer receives any security updates for unpaid users?
[20:37] <sarnold> ZMoney: there's two free tiers -- one, available to all, allows three machines; the other, available to ubuntu members, allows 50 machines https://ubuntu.com/security/esm
