Fedora vulnerability

Discussion on Linux distributions
wove
Posts: 1211
Joined: Mon May 04, 2020 4:47 pm

Fedora vulnerability

Post by wove »

Today Fedora Magazine had a post saying that the system tools included in the latest Rawhide builds as well as the Beta builds for Fedora 40 contain a vulnerability and that they should not be used until patched builds become available.

<http://fedoramagazine.org/?action=user_ ... S00MDA0Mg=>

Sorry about the long URL, my BBCode skills are horrible.
crosscourt
Posts: 11159
Joined: Sun Jan 14, 2018 5:38 pm
Location: Wash DC

Re: Fedora vulnerability

Post by crosscourt »

No problem with the long URL, but it's been interesting lately with these types of issues cropping up.
Site Moderator
wove
Posts: 1211
Joined: Mon May 04, 2020 4:47 pm

Re: Fedora vulnerability

Post by wove »

Ars noted that the vulnerability in the compression routines in the xz Utils was included in Debian Testing as well. So many low-level utilities are spread across Linux and BSD that minor glitches in the software end up impacting many OSes. I know that xz Utils are part of Mac OS; Haiku also has that package. I guess if nothing else it provides a solid reason to shy away from a rolling release and stick with an LTS version.
crosscourt
Posts: 11159
Joined: Sun Jan 14, 2018 5:38 pm
Location: Wash DC

Re: Fedora vulnerability

Post by crosscourt »

I'm glad this was caught, though, before widespread adoption occurred, which would have been a nightmare.
Site Moderator
crosscourt
Posts: 11159
Joined: Sun Jan 14, 2018 5:38 pm
Location: Wash DC

Re: Fedora vulnerability

Post by crosscourt »

Chris Titus has a video out about XZ and it was made out to be a bigger deal than it really was. Both RPM and Deb were affected but to varying degrees. Red Hat-derived distros were heavily affected but Suse for instance wasn't, and a fix was out quite quickly. Debian stable was fine but the other versions were affected to a lesser degree. Arch users were completely unaffected, but the actual means that had to occur to affect users of other distros had to line up perfectly. There is a habit of sensationalizing problems, particularly with Linux, as people see it as being very secure and somehow want to compromise its image.
Site Moderator