Suggestion for Linux Distro (from PSA: Linux vulnerability)
Marco Sulla
Marco.Sulla.Python at gmail.com
Tue Apr 12 15:03:00 EDT 2022
On Tue, 29 Mar 2022 at 00:10, Peter J. Holzer <hjp-python at hjp.at> wrote:
> They are about a year apart, so they will usually contain different
> versions of most packages right from the start. So the Ubuntu and Debian
> security teams probably can't benefit much from each other.
Well, this is what my updater on Lubuntu says to me today:

Changes for tcpdump versions:
Installed version: 4.9.3-0ubuntu0.18.04.1
Available version: 4.9.3-0ubuntu0.18.04.2

Version 4.9.3-0ubuntu0.18.04.2:

  * SECURITY UPDATE: buffer overflow in read_infile
    - debian/patches/CVE-2018-16301.patch: Add check of
      file size before allocating and reading content in
      tcpdump.c and netdissect-stdinc.h.
    - CVE-2018-16301
  * SECURITY UPDATE: resource exhaustion with big packets
    - debian/patches/CVE-2020-8037.patch: Add a limit to the
      amount of space that can be allocated when reading the
      packet.
    - CVE-2020-8037

I use an LTS version. So it seems that Ubuntu benefits from Debian
security patches. Not sure about the contrary.