Re: Switching XZ for ZSTD?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Apr 04, 2024 at 05:04:20PM +0000, Arnie T via devel wrote:
> Hi Stephen,
> 
> Thanks for the explanation.
> 
> I just caught up with the article at the New York Times,
> 
> Did One Guy Just Stop a Huge Cyberattack?
> https://www.nytimes.com/2024/04/03/technology/prevent-cyberattack-linux.html
> 
> And the comic that looks like it fits the problem I'm most noticing here!
> 
> https://xkcd.com/2347/
> 
> I have to admit that I still don't know what the best or most official "At least do this" instruction page is for a Fedora user.
> I don't see anything at the main https://fedoraproject.org/ website or its "News & Announcements" page.

The magazine article should cover this. 

If you are using Fedora 38 or Fedora 39, nothing to do. The versions
affected were never in there.

If you are using Fedora 40 (prerelease) or Rawhide you should urgently update.
This will get you the clean version. If you wish to be extra cautious,
you could reinstall from current nightly media.

> In this thread its becoming about the details of the process. But not yet about a solution. All of which I get.
> And in private emails people are insisting on sending to me about how I'm unreasonable for asking the questions, and "should have" understood this or that.
> So, with your discussion the best guess I can some up with is to make sure XZ is downgraded and just hope that one of this Jia Tan's 6000+ commits are still hidden in some other project with not enough eyes. Or that the XKCD coming true doesn't happen again.

Lots of folks are scrutinizing those commits.
There were some minor things discovered, but nothing (at least that I
know of right now) that affects Fedora.

There are changes coming in systemd, openssh and other places that would
make this particular vector harder/impossible also.

kevin

Attachment: signature.asc
Description: PGP signature

--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux