• hglman
      link
      fedilink
      English
      arrow-up
      13
      ·
      11 months ago

      It’s a 5-day old article; Lemmy loves those on Sunday.

      • Troy@lemmy.ca
        link
        fedilink
        arrow-up
        24
        ·
        11 months ago

        Lemmy (like its predecessors) is temporally arranged content. Think of it like having a discussion in a pub. Imagine bringing up a topic and someone said: but we discussed this 5 days ago, so we cannot discuss it now. Your obvious response would be: but I wasn’t here five days ago. It’s okay to repeat a conversation.

        If you want more of a hierarchical structure, use wikipedia article conversations. Then each conversation only occurs once (ish). Not encouraging repeated conversation here will lead to slow content death – like on StackOverflow.

        • hglman
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          11 months ago

          It also involves context; the post I replied to said it was not new. I simply noted that it occurred on slower days. My point being, you should check the dates of the source material for context. I made no judgment of the validity of that. You projected that. I agree with you It’s fine to visit the past.

    • mozz@mbin.grits.dev
      link
      fedilink
      arrow-up
      9
      arrow-down
      1
      ·
      edit-2
      11 months ago

      Easiest answer:

      sudo apt udpate
      sudo apt upgrade
      

      If it upgrades some stuff, you were vulnerable, but you no longer are. If nothing upgrades, then you were already all good.

      If you’re doing that regularly, then your core system will generally be patched fixing almost all exploits in your core system, including this one. If not, you’re vulnerable to this exploit and likely a whole bunch more stuff.

      Edit: That’s the simplest answer but if you’re curious you can do a double-check for this particular vulnerability with apt changelog libc6 - generally speaking you won’t see recent changes, but if a package has been recently updated you’ll see a recent fix. So e.g. for this, I see the top change in the changelog is the fix from a couple weeks back:

      glibc (2.36-9+deb12u4) bookworm-security; urgency=medium
      
        * debian/patches/any/local-CVE-2023-6246.patch: Fix a heap buffer overflow
          in __vsyslog_internal (CVE-2023-6246).
        * debian/patches/any/local-CVE-2023-6779.patch: Fix an off-by-one heap
          buffer overflow in __vsyslog_internal (CVE-2023-6779).
        * debian/patches/any/local-CVE-2023-6780.patch: Fix an integer overflow in
          __vsyslog_internal (CVE-2023-6780).
        * debian/patches/any/local-qsort-memory-corruption.patch: Fix a memory
          corruption in qsort() when using nontransitive comparison functions.
      
       -- Aurelien Jarno <aurel32@debian.org>  Tue, 23 Jan 2024 21:57:06 +0100
      
      • sun_is_ra@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        2
        ·
        11 months ago

        If you are running apt then you are running debian or ubuntu which the article clearly states they are vulnerable. but anyway I was asking how do I figure it out by myself

        • mozz@mbin.grits.dev
          link
          fedilink
          arrow-up
          3
          arrow-down
          1
          ·
          edit-2
          11 months ago

          All Linux systems will be very likely vulnerable to this if they’re not they’re patched with the fix. Patched systems will not be vulnerable. That’s true for Debian and Ubuntu, as it is for any Linux system. The commands I gave are determining whether or not you’re patched, on a Debian or Ubuntu system.

          What distro are you running? I can give you commands like that for any Linux system to determine whether or not you’re patched.

            • mozz@mbin.grits.dev
              link
              fedilink
              arrow-up
              3
              ·
              edit-2
              11 months ago

              I don’t see why it wouldn’t. I think for gentoo, you want to check if you need any security updates with:

              emerge --sync
              emerge gentoolkit
              glsa-check -l affected
              

              (Edit: Also, as a general rule – don’t type stuff as root just because I or some other random person on the internet tells you to; check the man page or docs to make sure it’s going to do something that you want it to do first.)