[GTALUG] Federal agency warns critical Linux vulnerability being actively exploited

D. Hugh Redelmeier hugh at mimosa.com
Tue Jun 4 08:33:52 EDT 2024


| From: CAREY SCHUG via talk <talk at gtalug.org>

| Maybe I missed it, but can somebody post the "for dummies" command to 
| tell if one has the fix installed?
| 
| I realize a different command for each package manager, at least: Deb, pacman, rpm, gentoo, others?

DON'T PANIC.  For a Bad Guy to exploit this bug, they need to be able to 
run code of their choosing on your machine.  I bet you don't let anyone 
dangerous log in to your machine.  And I bet you don't run random shell 
scripts from the internet.

The bug is pretty old so you are unlikely to have a kernel that 
predates the bug's introduction.  So you need to have a kernel new enough 
to have the fix.

Each distro probably released its own announcement some time after late 
January 2024.  The bug's name is CVE-2024-1086.  Googling that and your 
distro's name should get you to any announcement.

Because distros don't want to let the cat out of the bag prematurely, they 
may be coy in the description of the update.  The Good Guys want to 
release fixes before alerting Bad Guys of a vulnerability.


