Re: sad dns
On Fri, Dec 04, 2020 at 12:13:02PM +0100, mj wrote:
> I am wondering about the SAD DNS vulnerability, and wether or not it is solved in up-to-date debian 10.6.
> It says, bottom of the page, that fixes are scheduled to in week 48 for debian and ubuntu.
> However, I haven't seen any kernel updates.
> Anyone with more information? (or pointers where to look for more debian-specific info)
CVE-2020-25705 was fixed in upstream kernel 4.19.153, and stable kind of got
this version (you have to know where to look for it):
linux (4.19.160-1) buster; urgency=medium
* New upstream stable update:
- icmp: randomize the global rate limiter (CVE-2020-25705)
-- Salvatore Bonaccorso <firstname.lastname@example.org> Thu, 26 Nov 2020 21:23:20 +0100
Currently this kernel version sits in stable-proposed-updates.
- sad dns
- From: mj <email@example.com>