CVE-2017-5972

robi1212 · Oct 25, 2017

hi,
I'm using 3.18.20 linux kernel and looking for a patch for CVE-2017-5972, could not find it..
Can I get some help with that?

Thanks

atanere · Oct 25, 2017

Over my head, but Googling I found nothing current beyond RedHat declining to patch in February and suggesting synproxy to mitigate the risk (see here). RedHat also requesting CVE to be revoked. They repeated this position again in March (see here). In July, GitHub Engineering produced another tool, synsanity, as an alternative to synproxy (see article here -- link to product here).

Debian only shows that vulnerability was fixed in stretch, not jessie or wheezy (see here).

Hope that helps.

Rob · Oct 26, 2017

Hey there - what distribution are you running? Also, are you patching this particular CVE because a scan at work told you about the vulnerability or?

Rob

wizardfromoz · Oct 27, 2017

Hi @robi1212 and welcome to linux.org

I am in the category of friend Stan with

...Over my head...

but I note from Slashdot https://linux.slashdot.org/story/17/02/09/006243/linux-kernel-318-reaches-end-of-life the following is included:

...Of course, this being the last maintenance update in the series, you are urged to move to a newer LTS branch, such as Linux kernel 4.9 or 4.4, which are far more secure and efficient than Linux 3.18 was. But Linux 3.18 appears to be used by Google and other vendors on a bunch of Android-powered devices, and even some Chromebooks use Linux kernel 3.18 on Chrome OS,...

... and I wonder if you are in that category or that legacy hardware and drivers issues necessitate your sticking with that version?

By all means, answer @Rob 's questions first.

Cheers and avagudweegend

Wizard

CVE-2017-5972

robi1212

New Member

atanere

Well-Known Member

Rob

Administrator

wizardfromoz

Administrator

Members online

Latest posts