On Thu, Apr 04, 2024 at 05:04:20PM +0000, Arnie T via devel wrote: > Hi Stephen, > > Thanks for the explanation. > > I just caught up with the article at the New York Times, > > Did One Guy Just Stop a Huge Cyberattack? > https://www.nytimes.com/2024/04/03/technology/prevent-cyberattack-linux.html > > And the comic that looks like it fits the problem I'm most noticing here! > > https://xkcd.com/2347/ > > I have to admit that I still don't know what the best or most official "At least do this" instruction page is for a Fedora user. > I don't see anything at the main https://fedoraproject.org/ website or its "News & Announcements" page. The magazine article should cover this. If you are using Fedora 38 or Fedora 39, nothing to do. The versions affected were never in there. If you are using Fedora 40 (prerelease) or Rawhide you should urgently update. This will get you the clean version. If you wish to be extra cautious, you could reinstall from current nightly media. > In this thread its becoming about the details of the process. But not yet about a solution. All of which I get. > And in private emails people are insisting on sending to me about how I'm unreasonable for asking the questions, and "should have" understood this or that. > So, with your discussion the best guess I can some up with is to make sure XZ is downgraded and just hope that one of this Jia Tan's 6000+ commits are still hidden in some other project with not enough eyes. Or that the XKCD coming true doesn't happen again. Lots of folks are scrutinizing those commits. There were some minor things discovered, but nothing (at least that I know of right now) that affects Fedora. There are changes coming in systemd, openssh and other places that would make this particular vector harder/impossible also. kevin
Attachment:
signature.asc
Description: PGP signature
-- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
