HM King Charles III DG FD@feddit.uk to Selfhosted@lemmy.worldEnglish · 2 days agoSerious Linux vulnerability affecting nearly every system. Patch your systems.copy.failexternal-linkmessage-square62fedilinkarrow-up1292arrow-down14cross-posted to: selfhosted@lemmy.worldtechnology@lemmy.worldlinux@lemmy.mllinux@programming.devlinux@lemmy.ml
arrow-up1288arrow-down1external-linkSerious Linux vulnerability affecting nearly every system. Patch your systems.copy.failHM King Charles III DG FD@feddit.uk to Selfhosted@lemmy.worldEnglish · 2 days agomessage-square62fedilinkcross-posted to: selfhosted@lemmy.worldtechnology@lemmy.worldlinux@lemmy.mllinux@programming.devlinux@lemmy.ml
minus-squareShortN0te@lemmy.mllinkfedilinkEnglisharrow-up5arrow-down2·14 hours agoThe patches where proposed over a month ago and the patch to the kernel was commited on 1th of April. Either the Vulnerability was not proper communicated to the distro maintainers or they were the ones sleeping. This was probably executed as a responsible discllsure where clear timelines and release dates get communicated from the beginning. I find it hard to blame the security team here when there was 1 month of time between first commited patch and release of the PoC.
minus-squareWhyJiffie@sh.itjust.workslinkfedilinkEnglisharrow-up2·11 hours ago and the patch to the kernel was commited on 1th of April. are you sure? what I have seen in git patch dates is 11th for the unreleased 7.0, and yesterday for the LTS versions
minus-squareShortN0te@lemmy.mllinkfedilinkEnglisharrow-up1·9 hours agoLooking at the CVE on NIST,i found following commit which dates to 30.03 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5
The patches where proposed over a month ago and the patch to the kernel was commited on 1th of April.
Either the Vulnerability was not proper communicated to the distro maintainers or they were the ones sleeping.
This was probably executed as a responsible discllsure where clear timelines and release dates get communicated from the beginning.
I find it hard to blame the security team here when there was 1 month of time between first commited patch and release of the PoC.
are you sure? what I have seen in git patch dates is 11th for the unreleased 7.0, and yesterday for the LTS versions
Looking at the CVE on NIST,i found following commit which dates to 30.03
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5