this post was submitted on 30 Mar 2024

linuxmemes

    [–] user224@lemmy.sdf.org 79 points 7 months ago (12 children)

    Your Debian stable system is so ancient you got bigger vulnerabilities to worry about: Panik!

    Also, the problem was that Debian's sshd linked to liblzma for some systemd feature to work. This mod was done by the Debian team.

    [–] TheGingerNut@lemmy.blahaj.zone 35 points 7 months ago (1 children)

    Even if you're using Debian 12 bookworm and are fully up to date, you're still running [5.4.1].

    The only Debian version actually shipping the vulnerable version of the package was sid, and being a canary for this kind of thing is what sid is for, which its users know perfectly well.

    [–] piefedderatedd@piefed.social 2 points 7 months ago (3 children)

    There was a comment on Mastodon or Lemmy saying that the bad actor had been working with the project for two years so earlier versions may have malicious code as well already.

    [–] jabjoe@feddit.uk 5 points 7 months ago

    Needless to say all his work ever will already be being reviewed.

    [–] dan@upvote.au 5 points 7 months ago

    They did, but the malware wasn't fully implemented yet. They spent quite a while implementing it, I guess to try and make it less obvious.

    [–] mumblerfish@lemmy.world 5 points 7 months ago

    Distros like Gentoo reverted to 5.4.2 for that reason. If Debian stable is on 5.4.1 that should be ok.
