unhinge@programming.dev to Linux@lemmy.mlEnglish · 7 months agoHow do you track security vulnerabilities?message-squaremessage-square32fedilinkarrow-up182arrow-down16file-text
arrow-up176arrow-down1message-squareHow do you track security vulnerabilities?unhinge@programming.dev to Linux@lemmy.mlEnglish · 7 months agomessage-square32fedilinkfile-text
Do you rely on mailing lists or news articles for security vulnerabilities? Please share. I only got to know about xz/liblzma [1] and curl [2] [3] vulnerabilities through lemmy (maybe because of high severity?). 1 ↩︎ 2 ↩︎ 3 ↩︎
minus-squaredelirious_owl@discuss.onlinelinkfedilinkarrow-up1·7 months agoWhy does the xz thing require human intervention?
minus-squareBjörn Tantau@swg-empire.delinkfedilinkarrow-up4·7 months agoIf you had it on a computer that is accessible via SSH from the internet you should proceed under the assumption that it was compromised. Which means you should reinstall from a safe medium and change your keys and passwords.
Why does the xz thing require human intervention?
If you had it on a computer that is accessible via SSH from the internet you should proceed under the assumption that it was compromised. Which means you should reinstall from a safe medium and change your keys and passwords.