question still as a dummy. I try not to open emails from anybody I don't know, hovering over the "from" if the subject is unexpected. But sometimes the mail program jumps as I click, and I open something I did not intend to open. Or a malfeasor might have intercepted an email I sent and crafted a reply from the person I sent it to.....or even have compromised their machine and added code to every email from them. Could a script in an email exploit this? I am not panicing, but I am concerned. <pre>--Carey</pre>
On 06/04/2024 7:33 AM CDT D. Hugh Redelmeier via talk <talk@gtalug.org> wrote:
| From: CAREY SCHUG via talk <talk@gtalug.org>
| Maybe i missed it, but can somebody post the "for dummies" command to | tell if one has the fix installed? | | I realize a different command for each package manager, at least: Deb, pacman, rpm, gentoo, others?
DON'T PANIC. For a Bad Guy to exploit this bug, they need to be able to run code of their choosing on your machine. I bet you don't let anyone dangerous log in to your machine. And I bet you don't run random shell scripts from the internet.
The bug is pretty old so you are unlikely to have a kernel that predates the bug's introduction. So you need to have a kernel new enough to have the fix.
Each distro probably released its own announcement some time after late January 2024. The bug's name is CVE-2024-1086. Googling that and your disto's name should get you to any announcement.
Because distros don't want to let the cat out of the bag prematurely, they may be coy in the description of the update. The Good Guys want to release fixes before alerting Bad Guys of a vulnerability.
--- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk