Fedora vulnerability

Discussion on Linux distributions
Post Reply
wove
Posts: 1205
Joined: Mon May 04, 2020 4:47 pm

Fedora vulnerability

Post by wove »

Today Fedora magazine had a post the system tools included in the latest Rawhide builds as well as the Beta builds for Fedora 40 contain a vulnerability and they should not be used until patched builds become available.

<http://fedoramagazine.org/?action=user_ ... S00MDA0Mg=>

Sorry about the long url, my BBCode skills are horrible.
User avatar
crosscourt
Posts: 11140
Joined: Sun Jan 14, 2018 5:38 pm
Location: Wash DC
Contact:

Re: Fedora vulnerability

Post by crosscourt »

No problem with the long url but its been interesting lately with these types of issues cropping up.
Site Moderator
wove
Posts: 1205
Joined: Mon May 04, 2020 4:47 pm

Re: Fedora vulnerability

Post by wove »

Ars noted that the vulnerability in the compression routines in the xz Utils was included in Debian Testing as well. So many low level utilities are spread across Linux and BSD that minor glitches in the software end up impacting many OSes. I know that xz Utils are part of Mac OS, Haiku also has that package. I guess if nothing else it provides a solid reason shy away from a rolling release and stick with an LTS version.
User avatar
crosscourt
Posts: 11140
Joined: Sun Jan 14, 2018 5:38 pm
Location: Wash DC
Contact:

Re: Fedora vulnerability

Post by crosscourt »

Im glad this was caught though before widespread adoption occured, which would have been a nightmare.
Site Moderator
User avatar
crosscourt
Posts: 11140
Joined: Sun Jan 14, 2018 5:38 pm
Location: Wash DC
Contact:

Re: Fedora vulnerability

Post by crosscourt »

Chris Titus has a video out about XZ and it was made out top be a bigger deal than it really was. Both RPM and Deb were affected but to varying degrees. Red Hat derived distros were heavily affected but Suse for instance wasn't and a fix was out quite quickly, Debian stable was fine but the other versions were affected to a lesser degree. Arch users were completely unaffected but the actual means that had to occur to affect users of other distros had to line up perfectly. There is a habit of sensationalizing problems, particularly with Linux, as people see it as being very secure and somehow want to compromise its image.
Site Moderator
Post Reply