Comments

2 Comments

My apologies -- not sure why this is happening just yet, but my testing was to do a mockbuild and then:

$ sudo dnf install acpica-tools-20180508-1.fc27.x86_64.rpm

which worked fine on my f27 desktop (I see that you had the same issue on f27 and f28, too). I'll try via the repo and see what happens. Again, sorry that happened, but we'll make it right as soon as possible.

Howdy @lewassec.

Sorry for the confusion; the source code used for ACPICA is common to both acpica-tools and the kernel (see drivers/acpi/acpica). It is the same upstream, but very different packaging. You are correct that the kernel has been repaired in the notices listed; if you are using that kernel, you are not vulnerable. This version of acpica-tools just makes sure that the user space tools are consistent with what the kernel is doing functionally; since these tools do not run in kernel space, they cannot expose the same information that was the original concern in the CVEs. Unfortunately, I just re-used the recommended text in the bug report for #1485355 and it is indeed ambiguous.

Is that clearer?