[GTALUG] Federal agency warns critical Linux vulnerability being actively exploited
D. Hugh Redelmeier
hugh at mimosa.com
Tue Jun 4 08:33:52 EDT 2024
| From: CAREY SCHUG via talk <talk at gtalug.org>
| Maybe I missed it, but can somebody post the "for dummies" command to
| tell if one has the fix installed?
|
| I realize a different command for each package manager, at least: Deb, pacman, rpm, gentoo, others?
DON'T PANIC. For a Bad Guy to exploit this bug, they need to be able to
run code of their choosing on your machine. I bet you don't let anyone
dangerous log in to your machine. And I bet you don't run random shell
scripts from the internet.
The bug is pretty old so you are unlikely to have a kernel that
predates the bug's introduction. So you need to have a kernel new enough
to have the fix.
Each distro probably released its own announcement some time after late
January 2024. The bug's name is CVE-2024-1086. Googling that and your
distro's name should get you to any announcement.
Because distros don't want to let the cat out of the bag prematurely, they
may be coy in the description of the update. The Good Guys want to
release fixes before alerting Bad Guys of a vulnerability.