• Nora@sh.itjust.works
    link
    fedilink
    arrow-up
    25
    arrow-down
    1
    ·
    1 year ago

    What the hell is with all these vulnerabilities lately. Did the US govt toolbox get leaked or something? Are people using AI to find these?

    There’s been so many in just the last month.

  • Laser@feddit.de
    link
    fedilink
    arrow-up
    19
    ·
    1 year ago

    An interesting fact about the affected versions: It was introduced in 2.34, so there was a comment on hackernews that Red Hat 8 isn’t affected because it ships with an earlier version. However, from Red Hat’s customer Portal:

    Statement

    This vulnerability was introduced in glibc 2.34 in commit 2ed18c. The commit that introduced the vulnerability was backported to RHEL-8.6 and is affected.

    So just checking version numbers for vulnerabilities isn’t really enough. I had a similar discussion at work lately where a CVE fix was listed in a stable kernel’s changelog even though going by the vulnerable versions listed in the CVE itself, that kernel wasn’t affected.

    • loki@lemmy.ml
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      So if RHEL is affected, it means Rocky and AlmaLinux is too.

    • Ansis@iusearchlinux.fyi
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      I don’t have answers but I love this one. They’re usually pretty dumb, like a wrench on a motherboard or something. This one is actually funny with no intent on being serious.