Hi. On Fri, Dec 04, 2020 at 12:13:02PM +0100, mj wrote: > I am wondering about the SAD DNS vulnerability, and wether or not it is > solved in up-to-date debian 10.6. > https://blog.kernelcare.com/vulnerability/kernelcare-patches-for-sad-dns-are-on-the-way > It says, bottom of the page, that fixes are scheduled to in week 48 for > debian and ubuntu. > However, I haven't seen any kernel updates. > Anyone with more information? (or pointers where to look for more > debian-specific info)
CVE-2020-25705 was fixed in upstream kernel 4.19.153, and stable kind of got this version (you have to know where to look for it): linux (4.19.160-1) buster; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.153 - icmp: randomize the global rate limiter (CVE-2020-25705) ... -- Salvatore Bonaccorso <car...@debian.org> Thu, 26 Nov 2020 21:23:20 +0100 Currently this kernel version sits in stable-proposed-updates. Reco