iproute2 4.19.0 fixed a use after free bug. From https://lkml.org/lkml/2018/10/23/624 : "Vlad Buslov (1): libnetlink: fix use-after-free of message buf" Unclear if there's a security risk, but uaf bug impact is hard to predict. We had never versions in the tree for a while, but latest stable is still vulnerable (4.17.0-r1). Can we stabilize a newer version? (Let's directly go for the latest 5.0.0?)
(In reply to Hanno Boeck from comment #0) > > We had never versions in the tree for a while, but latest stable is still > vulnerable (4.17.0-r1). Can we stabilize a newer version? (Let's directly go > for the latest 5.0.0?) I'd prefer to stick with LTS kernel versions which would be =iproute2-4.19.0-r1 in this case.