Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 22

Thread: CVE-2022-40982 is not resolved.

  1. #11
    Join Date
    Apr 2011
    Location
    Mystletainn Kick!
    Beans
    13,938
    Distro
    Ubuntu

    Re: CVE-2022-40982 is not resolved.

    Why do you want to file a bug report for the resolved package here?

    Edit: adding this for what the pro fix output is for mantic:
    Code:
    pro fix CVE-2022-40982 
    CVE-2022-40982: Linux kernel (BlueField) vulnerabilities
     - https://ubuntu.com/security/CVE-2022-40982
    
    2 affected source packages are installed: intel-microcode, linux
    (1/2) linux:
    A fix is coming soon. Try again tomorrow.
    (2/2) intel-microcode:
    A fix is available in Ubuntu standard updates.
    The update is already installed.
    
    1 package is still affected: linux
    ✘ CVE-2022-40982 is not resolved.
    Last edited by deadflowr; October 23rd, 2023 at 07:03 PM. Reason: more info for context
    Splat Double Splat Triple Splat
    Earn Your Keep
    Don't mind me, I'm only passing through.
    Once in a blue moon, I'm actually helpful
    .

  2. #12
    #&thj^% is offline I Ubuntu, Therefore, I Am
    Join Date
    Aug 2016
    Beans
    Hidden!

    Re: CVE-2022-40982 is not resolved.

    This:
    Code:
    pro fix CVE-2022-40982
    CVE-2022-40982: Linux kernel (BlueField) vulnerabilities
     - https://ubuntu.com/security/CVE-2022-40982
    
    2 affected source packages are installed: intel-microcode, linux
    (1/2) linux:
    A fix is coming soon. Try again tomorrow.
    (2/2) intel-microcode:
    A fix is available in Ubuntu standard updates.
    The update is already installed.
    
    1 package is still affected: linux
    ✘ CVE-2022-40982 is not resolved.

  3. #13
    Join Date
    Apr 2011
    Location
    Mystletainn Kick!
    Beans
    13,938
    Distro
    Ubuntu

    Re: CVE-2022-40982 is not resolved.

    Yep.
    So why file a bug against intel-microcode?
    The unresolved package is the linux package.
    Which is currently pending.
    Splat Double Splat Triple Splat
    Earn Your Keep
    Don't mind me, I'm only passing through.
    Once in a blue moon, I'm actually helpful
    .

  4. #14
    #&thj^% is offline I Ubuntu, Therefore, I Am
    Join Date
    Aug 2016
    Beans
    Hidden!

    Re: CVE-2022-40982 is not resolved.

    Do you have a link for that pending fix?
    I've been looking for one, and not seen in "uname -r
    6.5.0-9-generic
    "
    Last edited by #&thj^%; October 23rd, 2023 at 07:15 PM.

  5. #15
    Join Date
    Apr 2011
    Location
    Mystletainn Kick!
    Beans
    13,938
    Distro
    Ubuntu

    Re: CVE-2022-40982 is not resolved.

    Scroll down the CVE page.
    Splat Double Splat Triple Splat
    Earn Your Keep
    Don't mind me, I'm only passing through.
    Once in a blue moon, I'm actually helpful
    .

  6. #16
    #&thj^% is offline I Ubuntu, Therefore, I Am
    Join Date
    Aug 2016
    Beans
    Hidden!

    Re: CVE-2022-40982 is not resolved.

    Nothing found on that kernel I mention, BTW this is for jauntyjackalope2
    It doesn't seem to affect mantic ATM

  7. #17
    Join Date
    Mar 2010
    Location
    USA
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: CVE-2022-40982 is not resolved.

    @deadflowr -- Just going off what he said and posted.

    At the CVE page it said that CVE 2022-40982 says that for Mantic, that package 'intel-microcode" was fixed & handle by normal updates:
    Code:
    mantic     
    Released (3.20230808.1)
    JauntyJackolope has that update installed, but his results say that is not resolved for him on that version of that package. I know package 'linux' still holds the other piece of that CVE fix, which is forthcoming. But that "is" what "he" said, right?

    @deadflowr -- Wouldn't that say there might be a bug with the "fixed" version of 'intel-microcode' being installed, but then reporting that that is not resolved? IDK, but that makes sense to me, "if" that is what he is really saying, right? Your output says that update is already installed for you... But his? IDK

    IDK. Not a deal breaker. Not mine. Just saying... I agree that for Mantic, this should probably split out to a new thread.
    Last edited by MAFoElffen; October 23rd, 2023 at 07:40 PM.

    "Concurrent coexistence of Windows, Linux and UNIX..." || Ubuntu user # 33563, Linux user # 533637
    Sticky: Graphics Resolution | UbuntuForums 'system-info' Script | Posting Guidelines | Code Tags

  8. #18
    Join Date
    Apr 2011
    Location
    Mystletainn Kick!
    Beans
    13,938
    Distro
    Ubuntu

    Re: CVE-2022-40982 is not resolved.

    Screenshot of the linux package from the cve page:

    Screenshot from 2023-10-23 13-38-29.jpg
    You need to scroll way down to find it.
    And it's not the very bottom, but close.

    The unresolved is the linux package for mantic.

    intel-microcode is fixed. The pro fix output two of us posted tell us that.


    Perhaps if a bug would be filed it would be to make the pro fix output clearer.
    Splat Double Splat Triple Splat
    Earn Your Keep
    Don't mind me, I'm only passing through.
    Once in a blue moon, I'm actually helpful
    .

  9. #19
    #&thj^% is offline I Ubuntu, Therefore, I Am
    Join Date
    Aug 2016
    Beans
    Hidden!

    Re: CVE-2022-40982 is not resolved.

    Quote Originally Posted by deadflowr View Post
    Perhaps if a bug would be filed it would be to make the pro fix output clearer.
    yep that's the thought here.
    seen that but nothing for "6.5.0-9-generic" again I have no worries, I have to go through some pretty tough audits, and i pass ok on Ubuntu.
    I get stellar results on BSD, but that's neither here or there...lol

  10. #20
    #&thj^% is offline I Ubuntu, Therefore, I Am
    Join Date
    Aug 2016
    Beans
    Hidden!

    Re: CVE-2022-40982 is not resolved.

    OK Alex got a hold of me and all is good as they say:
    The fix for intel-microcode is already installed as you can see, and
    correctly identified as such by the pro client:
    (2/2) intel-microcode:
    A fix is available in Ubuntu standard updates.
    The update is already installed.
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    The issue here seems to be that the pro client itself is complaining
    that the associated fix for the linux kernel package is not installed.
    The CVE page at https://ubuntu.com/security/CVE-2022-40982 shows the fix
    for mantic (Ubuntu 23.10) is still pending, so nothing seems to be amiss
    that I can see.
    ** CVE added: https://cve.mitre.org/cgi-bin/cvenam...ame=2022-40982
    ** Changed in: intel-microcode (Ubuntu)
    Status: New => Invalid
    ** Information type changed from Private Security to Public
    --
    You received this bug notification because you are subscribed to the bug
    report.
    https://bugs.launchpad.net/bugs/2040112
    We talked about wording it a little cleaner, so we shall see.

Page 2 of 3 FirstFirst 123 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •