this post was submitted on 30 Mar 2024
986 points (98.5% liked)

[–] [email protected] 79 points 6 months ago (12 children)

Your Debian stable system is so ancient you got bigger vulnerabilities to worry about: Panik!

Also, the problem was that Debian's sshd linked to liblzma for some systemd feature to work. This mod was done by the Debian team.

[–] [email protected] 35 points 6 months ago (4 children)

Even if you're using Debian 12 bookworm and are fully up to date, you're still running 5.4.1.

The only Debian version actually shipping the vulnerable version of the package was sid, and being a canary for this kind of thing is what sid is for, which its users know perfectly well.

[–] [email protected] 2 points 6 months ago (3 children)

There was a comment on Mastodon or Lemmy saying that the bad actor had been working with the project for two years so earlier versions may have malicious code as well already.

[–] mumblerfish 5 points 6 months ago

Distros like Gentoo reverted to 5.4.2 for that reason. If Debian stable is on 5.4.1 that should be ok.

[–] [email protected] 5 points 6 months ago

Needless to say all his work ever will already be being reviewed.

[–] [email protected] 5 points 6 months ago

They did but the malware wasn't fully implemented yet. They spent quite a while implementing it, I guess to try and make it less obvious.
