On 3/14/22 13:37, Michael Cronenworth wrote: > On 3/14/22 12:09 PM, Dusty Mabe wrote: >> Fortunately this bug was caught in our `testing` stream. Unfortunately, >> we do need to proceed promoting this kernel into our `stable` stream >> because the update will fix CVE-2022-0847 (known as "dirty pipe"). > > This CVE should have been fixed in 5.16.11. > > https://bugzilla.redhat.com/show_bug.cgi?id=2060795#c16 Hey Michael, This email was sent to our coreos-status@ mailing list and copied to devel@. I should have made it more clear up front in the email, but this information is given in the context of Fedora CoreOS, which only releases every few weeks and follows a promotion process [1]. The first kernel in the Fedora CoreOS stream releases that fixes the CVE is 5.16.13. [1] https://docs.fedoraproject.org/en-US/fedora-coreos/update-streams/ _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
