On Fri, Jan 13, 2023 at 9:00 AM <patrakov@xxxxxxxxx> wrote:
>
> Justin Forbes wrote:
>
> > On Wed, Jan 11, 2023 at 6:53 AM Miro Hrončok <mhroncok(a)redhat.com> wrote:
> >
> > This does seem a bug. The big question, is does 6.1 make it go away?
> > kernel-6.1.4-200.fc37 is available in koji. The 6.0 series is end of
> > support for Fedora, and I expect 6.1.5 to be available as an update
> > this week.
>
> I believe that this bug might actually be a security vulnerability and therefore might need to be treated as such, with the usual CVE dance. Look:
>
> https://utcc.utoronto.ca/~cks/space/blog/linux/KernelBindBugIn6016
>
> As mentioned at that link, this could lead to a process unexpectedly listening on 0.0.0.0 (and thus being reachable from outside) instead of listening only on 127.0.0.1 or not listening at all.

CVE or not, we don't really wait around for a CVE to push updates. The 6.1.5 kernels are in updates-testing right now.