• Rodeo@lemmy.ca
    link
    fedilink
    arrow-up
    2
    ·
    9 months ago

    Panik: your Debian stable system is so ancient it still contains the heartbleed bug.

    • bruhduh@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      9 months ago

      Is linux 6.1 vulnerable to heartbleed? I’m on lmde6 with linux 6.1 btw) edit: as other comment said debian 12 is good so everything alright

        • Hello Hotel@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          9 months ago

          Its a CPU bug only the kernel can fix 🤒. The kernel is responsible for its running hardware.

          Am I dumb? that’s the spectere and meltdown bug. xz-utils malware is a whole other thing, lol.

            • Hello Hotel@lemmy.world
              link
              fedilink
              English
              arrow-up
              0
              ·
              9 months ago

              Clearly not, lol. Every vulnerability is spectere aparently. (To be fair, the other CVE this week is hardware based)

              • areyouevenreal@lemm.ee
                link
                fedilink
                arrow-up
                1
                ·
                9 months ago

                Heartbleed isn’t new either. It’s from years ago. It’s also unrelated to the xz backdoor. Maybe you should get some rest. Check your carbon monoxide alarms are working. If not see a doctor. It sounds like you are having memory issues.

  • shotgun_crab@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    9 months ago

    Still paniking, cause the backdoor was apparently targetting Debian servers, it was discovered just by chance and the “mantainer” made commits for 2 years in the same repo

      • dan@upvote.au
        link
        fedilink
        arrow-up
        1
        ·
        9 months ago

        and it was only discovered accidentally, when someone was profiling some stuff, noticed SSH using a bit too much CPU power when receiving connections even for invalid usernames/passwords, and spent the time to investigate it more deeply. A lot of developers aren’t that attentive, and it could have easily snuck through.