@colinianking stress-ng is definitely a serious tool! I was using it to try to reproduce a kernel bug in the MSFT Linux kernel last week. Thanks for all of your hard work on stress-ng. 🙂
Bravo to @RedHatSecurity for rhsecapi! It is a fast and friendly way to quickly look up the status of CVE(s) in Red Hat products. I wonder why it isn't more widely discussed/used?
https://t.co/hc3BGxhVML
@vnik5287@orinimron123 We were trying to be proactive in the backporting of Spectre mitigations but, unfortunately, made a human error during the process. Thanks for discovering it and making noise about it. Please don't hesitate to contact us in the future.
@pracucci Images for Ubuntu 18.10, 18.04 LTS, and 16.04 LTS are already available. An image for Ubuntu 19.04 is pending. I don't have an ETA for 19.04 right now so getting the kernel update via apt is your best bet there.
The status of Ubuntu kernel updates to address SACK Panic and friends (
CVE-2019-11477, CVE-2019-11478, CVE-2019-11479) can be found here: https://t.co/qZw0ascnXU
@joeubuntu @ubuntu@ubuntu_sec When I heard that they had something to share, I thought I was getting early access to season 3 of Ozark. I guess helping them coordinate/disclose SACK Panic was the next best thing. 😉 But seriously, I look forward to more bug hunting from them because this was a great find.
Ubuntu updates are published to mitigate new Microarchitectural Data Sampling (MDS) vulnerabilities covering releases 16.04 LTS, 18.04 LTS, 18.10, 19.04 and 14.04 ESM.
https://t.co/eDlHStaL2o
@sleeksorrow@ubuntu_sec I've just asked NVD to adjust their score as it has caused quite a bit of confusion. This is the first time I've had to ask them to for such a thing so I'm not sure how timely it'll be. In the meantime, know that we've got updates queued up with the fix.
@sleeksorrow@ubuntu_sec No problem! Red Hat and SUSE have published their own CVSS v3 metrics that correctly state that the attack vectors is "Local" instead of "Network", which agrees with Ubuntu's stance. https://t.co/hNsOldnNhv https://t.co/ymxGuY0PJN