On Sun, Jun 02, 2024 at 02:05:22PM -0600, Brian O'Keefe wrote:
Is this a problem for someone like me? Are folks aware of it?
$ uname -r
5.4.0-182-generic
https://arstechnica.com/security/2024/05/federal-agency-warns-critical-linux...
On a Debian-based system, the quick way to check if a given CVE has been patched is to check the changelog of the affected package; only if it's not mentioned there do you need to check for updates or do more research.

$ zgrep CVE-2024-1086 /usr/share/doc/linux-image-$(uname -r)/changelog.gz
- netfilter: nf_tables: reject QUEUE/DROP verdict parameters (CVE-2024-1086)

When it is there (even if the comment is too cryptic for mortals) you can _pretty much_ assume that an appropriate patch has been applied.

Don't let upstream version numbers scare you; the security industry and especially their press are terrible about communicating how distro patching works.

--
sam
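
The changelog check described in the reply above, as an added example that is not part of the original thread: a shell function that tells "not mentioned" apart from "no changelog found" and matches the CVE id as a whole word. The function name, its return codes and the sample directory are constructed for this example, and CVE-0000-0000 and CVE-0000-00001 are placeholder ids.

```sh
#!/bin/sh
# Added example, not from the original post.
# cve_in_changelog DOC_DIR CVE_ID
# Return codes (chosen for this example):
#   0 mentioned, 1 not mentioned, 2 no changelog found, 3 malformed CVE id
cve_in_changelog() {
    doc_dir=$1
    cve=$2

    # Reject anything that is not a plain CVE id before using it as a pattern.
    printf '%s\n' "$cve" | grep -Eq '^CVE-[0-9]{4}-[0-9]{4,}$' || return 3

    seen_log=no
    # changelog.Debian.gz holds the packaging changelog for non-native
    # packages; changelog.gz is the path used in the post above.
    for log in "$doc_dir/changelog.Debian.gz" "$doc_dir/changelog.gz"; do
        [ -f "$log" ] || continue
        seen_log=yes
        # -F: literal match; -w: whole word, so a longer id that merely
        # starts with the same digits does not count as a hit.
        if gzip -dc "$log" | grep -Fqw -- "$cve"; then
            return 0
        fi
    done
    [ "$seen_log" = yes ] && return 1
    return 2
}

# Constructed sample: a fake doc directory with a two-entry changelog.
# On a real system pass /usr/share/doc/linux-image-$(uname -r) instead.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
{
    echo '  - netfilter: nf_tables: reject QUEUE/DROP verdict parameters (CVE-2024-1086)'
    echo '  - constructed entry for the prefix test (CVE-0000-00001)'
} | gzip -c > "$sample_dir/changelog.gz"

for id in CVE-2024-1086 CVE-0000-0000; do
    rc=0
    cve_in_changelog "$sample_dir" "$id" || rc=$?
    case $rc in
        0) echo "$id: mentioned in changelog" ;;
        1) echo "$id: not mentioned, check for updates" ;;
        *) echo "$id: could not check (rc=$rc)" ;;
    esac
done
```

A return code of 2 means the check could not be made at all, which is a different result from the CVE being absent from a changelog that was actually read.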