Received: from mail-wr1-f52.google.com (mail-wr1-f52.google.com [209.85.221.52]) by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id 6F78F7810CF for <~alpine/users@lists.alpinelinux.org>; Tue, 25 Jan 2022 18:10:30 +0000 (UTC) Received: by mail-wr1-f52.google.com with SMTP id w11so9260321wra.4 for <~alpine/users@lists.alpinelinux.org>; Tue, 25 Jan 2022 10:10:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=date:from:to:cc:subject:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=zTxA1Fg8lqeMGsGZ54B++s9dEpE2ZlMeTqhf1M896dc=; b=AxmyOtQFDTdlHO3IjXlZIW9mRUOW7Ok2XiuMz0tmIuU0Bth6vnbVCupsuTgdiCq1jk XDviYaJ4vnBfHDyAjpiEp2OZK0nKr/5AoaHNh0i7XPGgmCFCygzOsSpdrQhi5kFSCcI1 frrapE1qS9jGrxJl35lknsFQA0gj20BQfBW/6UyS2uSHlGU5w4UrbSX7wmK+JboVf3cN yo4iQEmvLTnWTwETErDkrJz9QQkwLom0nmoWFsle1JLV42J7WS+QHopHs/WhtPEg/KI2 8G0fD+gwUfaz52Ka6nDS1ggMp4P6J5r4qlgeSu/egtPVPqf17qhIE+iPimC04ug5SOpu OkuQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=zTxA1Fg8lqeMGsGZ54B++s9dEpE2ZlMeTqhf1M896dc=; b=Zov+r9/jsCLWlabCSj/ea0huQNM30NoGamToBXI05NJUtYoMIn3HgRGK5swyIYpPtj XMfJ7npJhp4sj6UzCiFx+EkXdc3Y9Dp1TC0NXO7TRauFBpKFwrRGOQKxP/7cFa+hgd3n 55mgzNm9hk4p7hoVyyc1CZQ6S0O+21DlARAcld4Pw15mf/4lo+txz2ueU+Mnf+CvXcYr NusypILskS4xRs1VdXJhXiDYGvViae4h245YSOfm+SkAkxbwTLAtutn/Kq8BG27hVL5z HJWe4oAhq554TGHTjWTCSZH92TQ1Uv5l2+m8ewaGMD+IIDwIpHYt0964V57wX63yVNjv ee+g== X-Gm-Message-State: AOAM530h8SmGLKjhDaenTavbhusVuaFkZefhWi+yBeMxbPYNx2cb86MW mjxL0a4w+PffSIBA/35G75qNyETrMEo= X-Google-Smtp-Source: ABdhPJwLX0bOJ+BDZBcT4o8a31dMAm+7cktzxqrBnEMBVk62O6O344S9Swtvm6HRf+TaoUN4Ftrk4g== X-Received: by 2002:adf:e5ce:: with SMTP id a14mr20069516wrn.111.1643134230015; Tue, 25 Jan 2022 10:10:30 -0800 (PST) Received: from homepc.lan (ip-088-152-185-170.um26.pools.vodafone-ip.de. [88.152.185.170]) by smtp.gmail.com with ESMTPSA id l5sm1080747wmq.7.2022.01.25.10.10.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 25 Jan 2022 10:10:29 -0800 (PST) Date: Tue, 25 Jan 2022 19:10:29 +0100 From: Daniel Kulesz To: ~alpine/users@lists.alpinelinux.org Cc: paul@jonar.com Subject: Re: Alpine Linux affected by CVE-2022-0185? Message-Id: <20220125191029.bb2f9d7cffc84139ea842f8e@googlemail.com> In-Reply-To: References: X-Mailer: Daniel's homebrew MUA 0.0.1-early-pre-alpha Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Hi Paul, as you can read in the Linux kernel changelog, the bugfix has been applied in kernel 5.15.16 already: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.16 vfs: fs_context: fix up param length parsing in legacy_parse_param ... You can see the link between this fix and CVE-2022-0185 e.g. on Debian's tracker: https://security-tracker.debian.org/tracker/CVE-2022-0185 Since Alpine already ships kernel 5.15.16 since 2022-01-21 in its linux-lts package, I would consider this fixed in Alpine (at least for 3.15): https://pkgs.alpinelinux.org/package/edge/main/x86/linux-lts Cheers, Daniel On Tue, 25 Jan 2022 18:43:17 +0100 Paul Bakker wrote: > So what about this CVE then? > > Should I create an issue for it in Gitlab? > > If so: in which project specifically? On Tue, 25 Jan 2022 18:43:17 +0100 Paul Bakker wrote: > So what about this CVE then? > > Should I create an issue for it in Gitlab? > > If so: in which project specifically?