this post was submitted on 30 Mar 2024
975 points (98.5% liked)

linuxmemes

21304 readers
1218 users here now

Hint: :q!


Sister communities:


Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack members of the community for any reason.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
  • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn. Even if you watch it on a Linux machine.
  • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.
  •  

    Please report posts and comments that break these rules!


    Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't fork-bomb your computer.

    founded 1 year ago
    MODERATORS
     
    you are viewing a single comment's thread
    view the rest of the comments
    [–] user224@lemmy.sdf.org 79 points 7 months ago (4 children)

    Your Debian stable system is so ancient you got bigger vulnerabilities to worry about: Panik!

    Also the problem was that Debian's sshd linked to liblzma for some systemd feature to work. This mod was done by Debian team.

    [–] Dasnap@lemmy.world 116 points 7 months ago (1 children)
    [–] UckyBon@lemmy.world 24 points 7 months ago

    But do it in private, don't let my xz.

    [–] TheGingerNut@lemmy.blahaj.zone 35 points 7 months ago (1 children)

    Even if you're using debian 12 bookworm and are fully up to date, you're still running [5.4.1].

    The only debian version actually shipping the vulnerable version of the package was sid, and being a canary for this kind of thing is what sid is for, which it's users know perfectly well.

    [–] piefedderatedd@piefed.social 2 points 7 months ago (3 children)

    There was a comment on Mastodon or Lemmy saying that the bad actor had been working with the project for two years so earlier versions may have malicious code as well already.

    [–] mumblerfish@lemmy.world 5 points 7 months ago

    Distros like gentoo reverted to 5.4.2 for that reason. If debian stable is on 5.4.1 that should be ok.

    [–] jabjoe@feddit.uk 5 points 7 months ago

    Needless to say all his work ever will already be being reviewed.

    [–] dan@upvote.au 5 points 7 months ago

    They did but the malware wasn't fully implemented yet. They spent quite a while implementing it, I guess to try and make it less obvious.

    [–] jnplch@discuss.tchncs.de 29 points 7 months ago

    The linked version in stable was not impacted.

    [–] PlexSheep@feddit.de 11 points 7 months ago (1 children)

    What do you mean bigger vulnerabilitirs to worry about in Debian stable?

    [–] user224@lemmy.sdf.org 8 points 7 months ago (2 children)

    Mostly a joke about him calling it "ancient", but there may be some unpatched vulnerabilities in older software. Though there could also be some new ones in newest versions.
    Still, unless it's Alpha/Beta/RC, it's probably better to keep it up-to-date.

    [–] scroll_responsibly@lemmy.sdf.org 11 points 7 months ago

    Debian patches security vulnerabilities in stable. They don’t change the version numbers or anything but they do fix security holes.

    [–] possiblylinux127@lemmy.zip 10 points 7 months ago

    Debian responds to security issues in stable within a fairly short window. They have a dedicated security team.