:: Re: [DNG] Critical CVE?
Top Page
Delete this message
Reply to this message
Author: Martin Steigerwald
Date:  
To: dng
Subject: Re: [DNG] Critical CVE?
Hi.

Peter Duffy - 26.09.24, 20:21:15 CEST:
> According to ElReg, the discoverer is going to be posting a disclosure
> and proof-of-concept exploit tonight at 20:00 UTC:
>
> https://www.theregister.com/2024/09/26/unauthenticated_rce_bug_linux/


Thanks.

So let's see whether it is just hype or real.

It could very well be for real, but so far I have seen nothing official
about it. I must say that I dislike this kind of hype inducing way to tell
the public about a security issue. But it is kind of a trend nowadays.
Every other security issue needs an own web page and a logo. I wonder
whether all of this is more about brushing up egos than anything else. But
anyway, let's see whether there is something real behind it. For now I
can't say.

So far the article has no reply back from Canonical or Red Hat which they
asked whether the claim by Margaritelli is correct.

So far still nothing on oss-security or on debian-security-announce
mailing list. Or on any of the other sources I check.

Or on The Register. And its past 20:00 UTC already.

We will see. Maybe disclosure is just a few hours late.

Best,
--
Martin