Purchase Linux CDs / DVDs / Flash Drives at OSDisc.com

Welcome to Our Community

While Linux.org has been around for a while, we recently changed management and had to purge most of the content (including users). If you signed up before April 23rd, 2017 please sign up again. Thanks!

CVE-2017-5972

Discussion in 'Linux Security' started by robi1212, Oct 25, 2017.

Tags:
  1. robi1212

    robi1212 New Member

    Joined:
    Oct 25, 2017
    Messages:
    1
    Likes Received:
    0
    hi,
    I'm using 3.18.20 linux kernel and looking for a patch for CVE-2017-5972, could not find it..
    Can I get some help with that?

    Thanks


    (Log in to hide this advertisement)

     
  2. atanere

    atanere Moderator
    Gold Supporter

    Joined:
    Apr 6, 2017
    Messages:
    1,707
    Likes Received:
    1,807
    Over my head, but Googling I found nothing current beyond RedHat declining to patch in February and suggesting synproxy to mitigate the risk (see here). RedHat also requesting CVE to be revoked. They repeated this position again in March (see here). In July, GitHub Engineering produced another tool, synsanity, as an alternative to synproxy (see article here -- link to product here).

    Debian only shows that vulnerability was fixed in stretch, not jessie or wheezy (see here).

    Hope that helps.
     
  3. Rob

    Rob Administrator
    Staff Member

    Joined:
    Oct 27, 2011
    Messages:
    330
    Likes Received:
    801
    Hey there - what distribution are you running? Also, are you patching this particular CVE because a scan at work told you about the vulnerability or?

    Rob
     
  4. wizardfromoz

    wizardfromoz Super Moderator
    Staff Member Gold Supporter

    Joined:
    Apr 30, 2017
    Messages:
    1,845
    Likes Received:
    1,836
    Hi @robi1212 and welcome to linux.org :)

    I am in the category of friend Stan with

    but I note from Slashdot https://linux.slashdot.org/story/17/02/09/006243/linux-kernel-318-reaches-end-of-life the following is included:

    ... and I wonder if you are in that category or that legacy hardware and drivers issues necessitate your sticking with that version?

    By all means, answer @Rob 's questions first.

    Cheers and avagudweegend

    Wizard
     

Share This Page