Score:2

Does Ubuntu 22.04.3 come with the Downfall patch pre-installed?

szx

Does Ubuntu 22.04.3 Live CD/DVD image come with the patch for CVE-2022-40982 (i.e. with the latest intel-microcode package)?

I could not find this information in the release notes or the change summary. So this means it doesn't?

Score:4

How to determine the package version before install.

  1. Go to the download page. Example for 22.04.3: https://releases.ubuntu.com/jammy/

  2. Look for the .manifest file for your preferred .iso


  3. The .manifest file is just a text file. Open it. Or download it. Then search for your package.


  4. [OPTIONAL for your mentioned CVE] Compare to the patched version number provided by the Ubuntu CVE Tracker


In this example, the versions don't match: The .manifest contains an older version (20230214) than the patched version (20230808). Therefore that particular .iso does not have the patched version. This is understandable: The .iso was created on August 7, and the CVE tracker was updated on August 8. The patch missed the cutoff. Future respins of the installer will include newer packages.

Also, the very first time Ubuntu runs apt upgrade or Unattended Upgrades, including perhaps during the install, the patched version will be pulled in with other upgrades from the Ubuntu repositories. There's nothing special that users must do to get security patches immediately: A stock Ubuntu system checks for deb security updates twice daily and snap updates four times daily.

user535733
@szx the patch arrived a day after the respin was made. There's a whole paragraph about that in this answer.