Justin Forbes wrote: > On Wed, Jan 11, 2023 at 6:53 AM Miro Hrončok <mhroncok(a)redhat.com> wrote: > > This does seem a bug. The big question, is does 6.1 make it go away? > kernel-6.1.4-200.fc37 is available in koji. The 6.0 series is end of > support for Fedora, and I expect 6.1.5 to be available as an update > this week. I believe that this bug might actually be a security vulnerability and therefore might need to be treated as such, with the usual CVE dance. Look: https://utcc.utoronto.ca/~cks/space/blog/linux/KernelBindBugIn6016 As mentioned at that link, this could lead to a process unexpectedly listening on 0.0.0.0 (and thus being reachable from outside) instead of listening only on 127.0.0.1 or not listening at all. -- Alexander E. Patrakov _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
