this post was submitted on 31 Oct 2025

[–] MantisToboggon@lazysoci.al 3 points 1 week ago (3 children)

Man I hope both Linux users are ok.

[–] FigMcLargeHuge@sh.itjust.works 5 points 1 week ago (2 children)

This is almost 2 years old. FTA "The flaw impacts many major Linux distributions, including but not limited to Debian, Ubuntu, Fedora, and Red Hat, which use kernel versions from 3.15 to 6.8-rc1"

I ran hostnamectl on my current machine and got this:
Kernel: Linux 6.16.3-76061603-generic

Hopefully the other Linux user chimes in here soon.

[–] Professor_Piddles@sh.itjust.works 4 points 1 week ago* (last edited 1 week ago) (1 children)

Debian Trixie is on 6.12. I would expect many Debian users to still be on Bookworm though, which is reported as “6.1 series”. Not sure if those would be affected. Most other distros will be on newer kernels than Debian.

https://www.debian.org/releases/trixie/release-notes/whats-new.en.html

I don’t have any machines still running Bookworm so I can’t check for myself.

Edit: I am a ding dong home user and don’t even use Linux for work (unfortunately). No idea how this affects entities larger than individuals like me.

[–] kbal@fedia.io 6 points 1 week ago

Whichever kernel Debian bookworm has, the patch for this has most likely been applied to it. The larger risk is to organizations running ancient versions of RHEL or something that never get updated, e.g. because some hardware they need uses a shitty proprietary driver that supports only very specific kernel versions.

Edit: You can confirm that it's been fixed in Debian here. Looks like it was patched for bullseye systems still running kernel 5.10 in June 2024.