:: [DNG] Critical CVE?
Inizio della pagina
Delete this message
Reply to this message
Autore: the pterodactyl
Data:  
To: dng
Oggetto: [DNG] Critical CVE?
>From Slashdot.org:

------------

Critical Unauthenticated RCE Flaw Impacts All GNU/Linux Systems

Posted by BeauHD on 2024-09-25 20:00 from the not-a-good-look dept.

"Looks like there's a storm brewing, and it's not good news," writes ancient Slashdot reader jd. "Whether or not the bugs are classically security defects or not, this is extremely bad PR for the Linux and Open Source community. It's not clear from the article whether this affects other Open Source projects, such as FreeBSD." From a report:

A critical unauthenticated Remote Code Execution (RCE) vulnerability has been discovered, impacting all GNU/Linux systems. As per agreements with developers, the flaw, which has existed for over a decade, will be fully disclosed in less than two weeks. Despite the severity of the issue, no Common Vulnerabilities and Exposures (CVE) identifiers have been assigned yet, although experts suggest there should be at least three to six. Leading Linux distributors such as Canonical and RedHat have confirmed the flaw's severity, rating it 9.9 out of 10. This indicates the potential for catastrophic damage if exploited. However, despite this acknowledgment, no working fix is still available. Developers remain embroiled in debates over whether some aspects of the vulnerability impact security.

----------

Howdy Devuaners,

Can someone "in the know" please tell us what this is about and whether we all
should start a re-install movie en masse? I saw an anonymous post (that I
*hate* to mention, lest a rumour spread and besmirch a fine, respected,
and venerable program) that it is CUPS, and that seems reasonable, given that
CUPS has been part of GNU/Linux for so long. But I have disabled the two (2)
services jic. Sayagain: Only an unsubstantiated rumour in a time of
crisis. Discretion pls.

Just between you, me, and the dear lord, I really, really hope the
vulnerability is in systemd. That would tickle me pink. (grin)

Thanking you for all your kind work,

--
Q:    Why do mountain climbers rope themselves together?
A:    To prevent the sensible ones from going home.