Hello *,
since Core Update 153 is already scheduled to come with a new kernel, including this patch against CVE-2020-25705 (dubbed "SADDNS" at the time of writing) into it makes sense IMHO:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
Further reading is available at, for example, ZDNet: https://www.zdnet.com/article/dns-cache-poisoning-poised-for-a-comeback-sad-...
Thanks, and best regards, Peter Müller
Hello,
Yes, we should add this patch to the currently open next branch.
Who will send a patch?
Best, -Michael
On 16 Nov 2020, at 16:10, Peter Müller peter.mueller@ipfire.org wrote:
Hello *,
since Core Update 153 is already scheduled to come with a new kernel, including this patch against CVE-2020-25705 (dubbed "SADDNS" at the time of writing) into it makes sense IMHO:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
Further reading is available at, for example, ZDNet: https://www.zdnet.com/article/dns-cache-poisoning-poised-for-a-comeback-sad-...
Thanks, and best regards, Peter Müller
It is already in kernel since 4.14.203
File to patch: Skip this patch? [y] Skipping patch. 1 out of 1 hunk ignored patching file net/ipv4/icmp.c Reversed (or previously applied) patch detected! Skipping patch. 2 out of 2 hunks ignored -- saving rejects to file net/ipv4/icmp.c.rej make: *** [linux:137: /usr/src/log/linux-4.14.206-ipfire] Error 1
Am 2020-11-17 12:05, schrieb Michael Tremer:
Hello,
Yes, we should add this patch to the currently open next branch.
Who will send a patch?
Best, -Michael
On 16 Nov 2020, at 16:10, Peter Müller peter.mueller@ipfire.org wrote:
Hello *,
since Core Update 153 is already scheduled to come with a new kernel, including this patch against CVE-2020-25705 (dubbed "SADDNS" at the time of writing) into it makes sense IMHO:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
Further reading is available at, for example, ZDNet: https://www.zdnet.com/article/dns-cache-poisoning-poised-for-a-comeback-sad-...
Thanks, and best regards, Peter Müller
Even better.
Thank you for checking, Arne.
-Michael
On 18 Nov 2020, at 18:34, Arne Fitzenreiter arne_f@ipfire.org wrote:
It is already in kernel since 4.14.203
File to patch: Skip this patch? [y] Skipping patch. 1 out of 1 hunk ignored patching file net/ipv4/icmp.c Reversed (or previously applied) patch detected! Skipping patch. 2 out of 2 hunks ignored -- saving rejects to file net/ipv4/icmp.c.rej make: *** [linux:137: /usr/src/log/linux-4.14.206-ipfire] Error 1
Am 2020-11-17 12:05, schrieb Michael Tremer:
Hello, Yes, we should add this patch to the currently open next branch. Who will send a patch? Best, -Michael
On 16 Nov 2020, at 16:10, Peter Müller peter.mueller@ipfire.org wrote: Hello *, since Core Update 153 is already scheduled to come with a new kernel, including this patch against CVE-2020-25705 (dubbed "SADDNS" at the time of writing) into it makes sense IMHO: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... Further reading is available at, for example, ZDNet: https://www.zdnet.com/article/dns-cache-poisoning-poised-for-a-comeback-sad-... Thanks, and best regards, Peter Müller