Sorry, is this the right address to send this type of stuff ??
Greg Manning <a31ford@gmail.com>

https://www.zdnet.com/article/third-major-linux-kernel-flaw-in-two-weeks-fou...

Should a simple Mint user 21.3 Kernel 6.8.1-117 like myself be worried about the above ??

Greg Manning
On 2026-05-16 Greg Manning via Roundtable wrote:
> Should a simple Mint user 21.3 Kernel 6.8.1-117 like myself be worried about the above ??
If you share a box with untrusted people, then yes. This lets any local user get root. If it's just you on your box, then the worst it does is let a hacker who gets local user access get root. But if they already have local user access, you're in a very vulnerable position already.

It's a whole new class of bug, just like Spectre/etc was when it first came out. So now they'll find 10 bugs that are of this new class -- just like Spectre. Then they'll all get patched and we can move on.

As for your particular distro: is it a supported version? Are they giving updates? Then update, reboot, and be happy. If it's an unsupported version then upgrade immediately. Never run an unupdated OS connected to the internet.
Not if you keep updating your system. Security Researchers are the "white hats" of the computer software industry, their job is to find bugs before bad guys do. Most times in the free/open source software world bugs are fixed amazingly fast.

The fact that this bug is announced means bad guys are probably working on an exploit (if they haven't already) so be sure to always install updates. On Debian/Ubuntu derivations simply run "sudo apt-get install unattended-upgrades; sudo unattended-upgrades" and you'll have automatically installed security updates.

Jason
_______________________________________________ Roundtable mailing list -- roundtable@muug.ca To unsubscribe send an email to roundtable-leave@muug.ca
On 2026-05-17 Jason Loughead via Roundtable wrote:
> haven't already) so be sure to always install updates. On Debian/Ubuntu derivations simply run "sudo apt-get install unattended-upgrades; sudo unattended-upgrades" and you'll have automatically installed security updates. Jason
The problem is often not that people aren't updating, it's that they are running an EOL OS that doesn't get updates anymore. In this case, though, his Mint is still under support for another year.

Also, unattended upgrades are generally a good thing (especially for home users), but most don't auto-reboot when it's a kernel bug. And all of these recent CVEs are kernel bugs, requiring reboots to take effect.

Some package managers won't even restart all related daemons when their packages are updated, which is basically the same problem. Even worse when you're talking about libraries that are deps of other things!

No magic bullet. You kind of have to keep up with the updates mailing lists for your distro, and/or run updates manually religiously and pay attention to what's going on so you restart daemons/programs and/or reboot. Even worse, every distro does it differently.
Quite true, I reboot all my machines daily via crontab.

(crontab -l 2>/dev/null; echo "0 3 * * * /sbin/reboot") | crontab -

Linux Mint EOL Security Updates:
Linux Mint 22.x: Supported with security updates until April 2029.
Linux Mint 21.x: Supported with security updates until April 2027.
Linux Mint 20.x: Reached EOL in April 2025. No further security updates are provided for this version.

I would upgrade to the latest LTS to ensure security updates continue to happen well into the near future. Running sudo apt install mintupgrade and then mintupgrade will achieve that. All the usual caveats of backing up any important data apply. In my experience most major Linux upgrade major versions with no major hiccups.

Linux Mint upgrade: https://www.youtube.com/watch?v=GNSbSZC2BnU&t=15s

Hope this helps,
Jason
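
The gap raised in this thread (unattended upgrades install a fixed kernel, but the machine keeps running the old one until it reboots) can be checked directly. The script below is an added example, not something posted by the list members; its function names are made up for illustration, and it assumes a Debian/Ubuntu-style system (kernels stored as /boot/vmlinuz-<version>, flag file /var/run/reboot-required) with GNU sort.

```sh
#!/bin/sh
# Added example, not from the thread. Answers: "is a newer kernel installed
# than the one this machine is actually running?"

# newest_installed: read file names on stdin (as found in /boot), keep the
# vmlinuz-<version> entries and print the highest version.
# sort -V (version sort) is a GNU coreutils option; plain sort would rank
# 5.15.0-91 above 5.15.0-105.
newest_installed() {
    sed -n 's/^.*vmlinuz-//p' | sort -V | tail -n 1
}

# reboot_pending RUNNING NEWEST [FLAGFILE]
# Succeeds when a reboot is needed: either the Debian/Ubuntu flag file
# exists (covers kernel rebuilds that keep the same version string), or
# NEWEST sorts after RUNNING.
reboot_pending() {
    running=$1
    newest=$2
    flag=${3:-/var/run/reboot-required}
    [ -e "$flag" ] && return 0
    [ -z "$newest" ] && return 1
    [ "$running" = "$newest" ] && return 1
    top=$(printf '%s\n%s\n' "$running" "$newest" | sort -V | tail -n 1)
    [ "$top" = "$newest" ]
}

# kernel_status [BOOTDIR]: one-line report for the local machine.
kernel_status() {
    bootdir=${1:-/boot}
    running=$(uname -r)
    newest=$(ls "$bootdir" 2>/dev/null | newest_installed)
    if reboot_pending "$running" "$newest"; then
        echo "REBOOT NEEDED: running $running, newest installed ${newest:-unknown}"
    else
        echo "OK: running $running, no newer kernel found in $bootdir"
    fi
}

kernel_status
```

Run after an update session or from a login script, this reports whether the installed fix is actually in use.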
Participants (3): Greg Manning, Jason Loughead, Trevor Cordes