submitted 6 months ago by Emerald@lemmy.world to c/linuxmemes@lemmy.world
[-] TheGingerNut@lemmy.blahaj.zone 34 points 6 months ago

Even if you're using Debian 12 bookworm and are fully up to date, you're still running [5.4.1].

The only Debian version actually shipping the vulnerable version of the package was sid, and being a canary for this kind of thing is what sid is for, which its users know perfectly well.

[-] piefedderatedd@piefed.social 2 points 6 months ago

There was a comment on Mastodon or Lemmy saying that the bad actor had been working with the project for two years so earlier versions may have malicious code as well already.

[-] mumblerfish@lemmy.world 5 points 6 months ago

Distros like gentoo reverted to 5.4.2 for that reason. If debian stable is on 5.4.1 that should be ok.

[-] jabjoe@feddit.uk 5 points 6 months ago

Needless to say all his work ever will already be being reviewed.

[-] dan@upvote.au 5 points 6 months ago

They did but the malware wasn't fully implemented yet. They spent quite a while implementing it, I guess to try and make it less obvious.

this post was submitted on 30 Mar 2024
975 points (98.5% liked)
