It is already in kernel since 4.14.203

     File to patch:
     Skip this patch? [y]
     Skipping patch.
     1 out of 1 hunk ignored
     patching file net/ipv4/icmp.c
     Reversed (or previously applied) patch detected!  Skipping patch.
     2 out of 2 hunks ignored -- saving rejects to file 
net/ipv4/icmp.c.rej
     make: *** [linux:137: /usr/src/log/linux-4.14.206-ipfire] Error 1




Am 2020-11-17 12:05, schrieb Michael Tremer:
> Hello,
> 
> Yes, we should add this patch to the currently open next branch.
> 
> Who will send a patch?
> 
> Best,
> -Michael
> 
>> On 16 Nov 2020, at 16:10, Peter Müller <peter.mueller(a)ipfire.org> 
>> wrote:
>> 
>> Hello *,
>> 
>> since Core Update 153 is already scheduled to come with a new kernel, 
>> including this
>> patch against CVE-2020-25705 (dubbed "SADDNS" at the time of writing) 
>> into it makes
>> sense IMHO:
>> 
>> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b38e7819cae946e2edf869e604af1e65a5d241c5
>> 
>> Further reading is available at, for example, ZDNet:
>> https://www.zdnet.com/article/dns-cache-poisoning-poised-for-a-comeback-sad-dns/
>> 
>> Thanks, and best regards,
>> Peter Müller