[PVE-User] CVE-2019-8912

Thomas Lamprecht t.lamprecht at proxmox.com
Mon Feb 25 18:42:08 CET 2019

On 2/25/19 6:03 PM, José Manuel Giner wrote:
> According to this link, Proxmox VE 5 is affected.
> https://www.cloudlinux.com/cloudlinux-os-blog/entry/major-9-8-vulnerability-affects-multiple-linux-kernels-cve-2019-8912-af-alg-release
> We have a patch?

ah yeah, the hyped CVE ^^ but yes, a kernel with a fix[0] for this use-after-free
is available with pve-kernel-4.15.18-11-pve in version 4.15.18-34[1], at the time
of writing it's only in the pvetest repository, as the update is not to big it
will come to the other repos (no-subscription and enterprise) probably this week,
early next week if no regression emerges.


[0]: https://git.proxmox.com/?p=pve-kernel.git;a=commitdiff;h=cf6ea5cf3482781a5e93bb88f526c821bba7ca0d
[1]: https://git.proxmox.com/?p=pve-kernel.git;a=commitdiff;h=9bd09ca97abb37c24e3b0fe50e31d8fdf6f59ea5

More information about the pve-user mailing list