[GTALUG] Federal agency warns critical Linux vulnerability being actively exploited
CAREY SCHUG
sqrfolkdnc at comcast.net
Tue Jun 4 10:42:12 EDT 2024
question still as a dummy.
I try not to open emails from anybody I don't know, hovering over the "from" if the subject is unexpected.
But sometimes the mail program jumps as I click, and I open something I did not intend to open. Or a malfeasor might have intercepted an email I sent and crafted a reply from the person I sent it to... or even have compromised their machine and added code to every email from them.
Could a script in an email exploit this?
I am not panicking, but I am concerned.
--Carey
> On 06/04/2024 7:33 AM CDT D. Hugh Redelmeier via talk <talk at gtalug.org> wrote:
>
>
> | From: CAREY SCHUG via talk <talk at gtalug.org>
>
> | Maybe i missed it, but can somebody post the "for dummies" command to
> | tell if one has the fix installed?
> |
> | I realize a different command for each package manager, at least: Deb, pacman, rpm, gentoo, others?
>
> DON'T PANIC. For a Bad Guy to exploit this bug, they need to be able to
> run code of their choosing on your machine. I bet you don't let anyone
> dangerous log in to your machine. And I bet you don't run random shell
> scripts from the internet.
>
> The bug is pretty old so you are unlikely to have a kernel that
> predates the bug's introduction. So you need to have a kernel new enough
> to have the fix.
>
> Each distro probably released its own announcement some time after late
> January 2024. The bug's name is CVE-2024-1086. Googling that and your
> distro's name should get you to any announcement.
>
> Because distros don't want to let the cat out of the bag prematurely, they
> may be coy in the description of the update. The Good Guys want to
> release fixes before alerting Bad Guys of a vulnerability.
>
> ---
> Post to this mailing list talk at gtalug.org
> Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
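
One way to run the check asked about in this thread, as an added example that is not part of either poster's message: it looks for the CVE id in the changelog of the package that owns the running kernel, so an update that is installed but not yet booted does not count. The function names, the `/boot/vmlinuz-$(uname -r)` image path and the dpkg changelog location are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): does the changelog of the package that
# owns the RUNNING kernel mention a CVE id? Function names are hypothetical.
CVE_ID="${CVE_ID:-CVE-2024-1086}"   # the id named in the thread

# Read changelog text on stdin; succeed if the id appears as a whole token,
# so CVE-2024-1086 does not match a longer id such as CVE-2024-10861.
mentions_cve() {
    grep -Eiq "(^|[^0-9A-Za-z-])$1([^0-9]|\$)"
}

# Print the changelog for the running kernel's package.
# Assumptions: the image is /boot/vmlinuz-$(uname -r), and dpkg systems keep
# the changelog in /usr/share/doc/<package>/changelog*.gz.
running_kernel_changelog() {
    img="/boot/vmlinuz-$(uname -r)"
    if rpm -qf "$img" >/dev/null 2>&1; then
        rpm -qf --changelog "$img"
    elif pkg=$(dpkg -S "$img" 2>/dev/null | cut -d: -f1) && [ -n "$pkg" ]; then
        zcat /usr/share/doc/"$pkg"/changelog*.gz
    else
        return 1   # other package managers: read the distro advisory instead
    fi
}

# report [FILE]: check FILE (a saved changelog) or the live system.
# Exit status: 0 mentioned, 1 not mentioned, 2 no changelog available.
report() {
    if [ -n "${1:-}" ]; then
        log=$(cat "$1") || return 2
    else
        log=$(running_kernel_changelog 2>/dev/null) || return 2
    fi
    [ -n "$log" ] || return 2
    if printf '%s\n' "$log" | mentions_cve "$CVE_ID"; then
        echo "$CVE_ID: mentioned in the changelog"
    else
        # Packagers do not always list CVE ids, so this is not proof of exposure.
        echo "$CVE_ID: not mentioned; check your distro's advisory"
        return 1
    fi
}

# Run only when asked, e.g.  sh check_cve.sh --check
case "${1:-}" in --check) report ;; esac
```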