73

CVE-2024-3094: Urgent alert for Fedora Linux 40 and Rawhide users(fedoramagazine.org)

posted
by
Avatar
petsoi@discuss.tchncs.de
in
Avatar
linux@lemmy.ml
8 comments
hidereport
Sort:
HotTopControversialNewOld
Avatar
wolf@lemmy.zip
13 points
*

Supply chain attacks are extremely cheap/easy and very effective, so get prepared for more of them in the future.

It really bothers me, that many companies make billions utilizing open source without contributing money/employees etc. to secure/supply/maintain supply chains.

permalink
report
reply
Avatar
RedNight@lemmy.ml
7 points

This one might not have been that cheap. The malicious code was added by a maintainer on the project for two years. That is some patience

permalink
report
parent
reply
Avatar
wolf@lemmy.zip
3 points

Agreed. I am more speaking of ‘in general’, for example there was a supply chain attack on a widely used npm package by writing an email to the author of the npm package. There are other ‘cheap’ attacks like dependency confusion, typo squatting etc.

permalink
report
parent
reply
Avatar
wolf@lemmy.zip
12 points

Mandatory XKCD: Dependency

permalink
report
reply
Avatar
leopold@lemmy.kde.social
8 points
permalink
report
parent
reply
Avatar
steal_your_face@lemmy.ml
10 points

Happy it doesn’t affect stable versions

permalink
report
reply
Avatar
delirious_owl@discuss.online
2 points

Did they intentionally not put the package name in the headline just to draw more clicks? Ffs

permalink
report
reply
Avatar
annata20@discuss.tchncs.de
1 point

CVE-2024-3094 represents a serious security threat for Pokerogue Fedora Linux 40 and Rawhide users. Promptly updating your system and applying the necessary patches are crucial steps in mitigating this vulnerability.

permalink
report
reply

Linux

!linux@lemmy.ml

Create post

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

  • Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
  • No misinformation
  • No NSFW content
  • No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

Community stats

  • 43

    Monthly active users

  • 3.3K

    Posts

  • 19K

    Comments

Community moderators