447
you are viewing a single comment's thread
view the rest of the comments
[-] germanatlas@lemmy.blahaj.zone 87 points 5 months ago

no real-world use found for staying more than one version behind

The ssh vulnerability didn’t affect Debian because the packages were too many versions behind

[-] azvasKvklenko@sh.itjust.works 45 points 5 months ago

AFAIK, the xz vulnerability was designed for Debian based on its workaround fixing systemd service status detection. Even if it shipped to something like Arch, the malicious code wouldn’t load.

[-] cygnus@lemmy.ca 22 points 5 months ago

Security through Geriatricity

[-] bisby@lemmy.world 21 points 5 months ago

Except this isn't true at all.

https://security-tracker.debian.org/tracker/CVE-2024-6387

Regresshion impacted bookworm and trixie both. Buster was too old.

With the downside of me doing an apt update and seeing that openssh-server was on 1:9.2p1-2+deb12u3 and I had no idea at a glance if this included the fix or not (qualys's page states version 8.5p1-9.8p1 were vulnerable).

If you are running debian bookworm or trixie, you absolutely should update your openssh-server package.

[-] acockworkorange@mander.xyz 19 points 5 months ago

Isn’t this meme format completely written in sarcasm?

[-] renzev@lemmy.world 1 points 4 months ago

We're on a meme page. There is little difference between sarcasm and being serious here. It doesn't matter whether OP is being fully sarcastic or fully serious, people in the comments may hold the same opinion seriously, sarcastically, or with a mixture of both. The format is irrelevant

[-] alienghic@slrpnk.net 1 points 1 month ago

The xz/ssh back door made it into Debian testing, So I felt I should wipe and reinstall.

Debian has had a rolling release for ages.

this post was submitted on 01 Jul 2024
447 points (90.6% liked)

linuxmemes

21282 readers
1187 users here now

Hint: :q!


Sister communities:


Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack members of the community for any reason.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
  • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn. Even if you watch it on a Linux machine.
  • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.
  •  

    Please report posts and comments that break these rules!


    Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't fork-bomb your computer.

    founded 1 year ago
    MODERATORS