Re: [PLUG] patch Ubuntu now, Wine

Walt Mankowski via plug on 20 Jan 2022 09:28:19 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] patch Ubuntu now, Wine

From: Walt Mankowski via plug <plug@lists.phillylinux.org>
To: plug@lists.phillylinux.org
Subject: Re: [PLUG] patch Ubuntu now, Wine
Date: Thu, 20 Jan 2022 12:28:10 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed; d=pobox.com; h=date:from :to:subject:message-id:references:mime-version:content-type :in-reply-to; s=sasl; bh=59cw14o2QoWKGes6Ns59GfyAJNX3RHrGaUhQlva RAm8=; b=VYnYyLC6Hq+BFeYXzVNL+Al7lGfUFu1oo2w0XqO4SDyH4HsJK/U7oK2 ek+MF9SZgNSq6SXSaKZDtntpW9HGtBZFlmJP6kL4OdUUCLSpG8Iiq36ONe5dBqQT +kpGZoeZRlUjbQMr2HhoDTbmKZrKBW2LTXVXwVuQARD16eLKepJA=
Reply-to: Walt Mankowski <waltman@pobox.com>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

Thanks for posting this. I'm very confused by their "advice",
though. They write

> So it's possibly a good thing that "Hirsute Hippo", as Ubuntu 21.04
> is nicknamed, just went end of life today (20 January 2022). If you
> have any 21.04 machines, it's time to upgrade them now. That means
> 21.10 "Impish Indri" for the moment, until the next LTS release
> appears in April.

Since the bug exists in both 21.04 and 21.10, what's the point in
upgrading to 24.10 just because of this?

Also, as far as I can tell from https://ubuntu.com/security/CVE-2022-0185,
this was fixed in a patch to the "linux" package that came out a few
days ago.

Based on this, my advice would be

* If you're on 21.04 or 21.10, make sure you install the latest
  security updates (always a good idea to start on top of those!)

* If you're on 21.04, it just went end of life. You should update to
  21.10 because of that, but not because of this particular security
  bug, which likely has already been fixed in a security patch.

Or am I missing something obvious?

Walt

On Thu, Jan 20, 2022 at 10:47:17AM -0500, jeffv via plug wrote:
> 'Now' would be the right time to patch Ubuntu container hosts and ditch
> 21.04 thanks to heap buffer overflow bug  [21.04 reaching EOL anyway]
> 
> https://www.theregister.com/2022/01/20/ubuntu_2104_eol/
> 
> The CVE-2022-0185 vulnerability in Ubuntu is severe enough that Red Hat is
> also advising immediate patching.
> 
> The flaw allows a process inside a Linux user namespace to escape, which
> means it potentially affects any machine running containers.
> 
> 
> 
> Version 7 of WINE is better than ever at running Windows apps where they
> shouldn't
> 
> https://www.theregister.com/2022/01/19/wine_7/
> 
> 
> 
> Information Technology Research Library
> 
> https://ostechnix.tradepub.com/category/information-technology/1207/
> 
> The top resource for free Information Technology research, white papers,
> reports, case studies, magazines, and eBooks.
> 
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Attachment: signature.asc
Description: PGP signature

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

References:
- [PLUG] patch Ubuntu now, Wine
  - From: jeffv via plug <plug@lists.phillylinux.org>

Prev by Date: Re: [PLUG] patch Ubuntu now, Wine
Next by Date: [PLUG] PLUG Meetup account
Previous by thread: Re: [PLUG] patch Ubuntu now, Wine
Next by thread: Re: [PLUG] patch Ubuntu now, Wine
Index(es):
- Date
- Thread