Linux 7.0.8 & other kernels released, addressing the ssh-keysign-pwn vulnerability
Posted by somerandomxander@reddit | linux | View on Reddit | 17 comments
Xoph-is-Fire@reddit
Man, just get done updating all my Alma servers at work and turn around and do it again.
gokku_tain@reddit
I think we need run LLM for kernel to discover any exploit soon. About 1 - 2 days we will have new CVE, maintainer on rolling distro are crying :lol
Infiniti_151@reddit
Is AI discovering these vulnerabilities? I've never seen kernels released back to back at this pace
Bubbly_Extreme4986@reddit
What? Another one? Jeez
0riginal-Syn@reddit
LOL I feel you. Trust me, being a maintainer on a rolling distro has been like playing whack-a-mole this last week plus.
placebo_button@reddit
Assuming you work on Solus from you flair. I literally just wiped one of my laptops and put Solus on it the other night since I hadn't used it in quite some time and it's been really great so far.
0riginal-Syn@reddit
I do. Thanks for the kind words.
GloriousExtra@reddit
Yep. I'm on Fedora and got three updates today. 7.06, 7.07, and 7.08.
I've never seen this kind of thing happen before.
PerkyPangolin@reddit
I thought you were joking as I've just updated to 7.0.7. Lo and behold - 7.0.8 is there.
FranticBronchitis@reddit
My poor CPU's about to get a second beating
GloriousExtra@reddit
Yeah, I'm wondering what effects this is having on my own CPU. I love my little AMD Ryzen 5 5600, she does a lot of work, but all of this has to be taking a toll.
GloriousExtra@reddit
That's how I felt when I saw the kernel update to 7.07, and there was a news article talking about 7.08, and just for fun, I hit update again and damn there it was. lol
TipIll3652@reddit
Damn they're stacking up fast. I haven't turned my computer on in a week, at this rate we'll be at 7.1 before I do lol
CardOk755@reddit
This "vulnerability" is a joke.
TipIll3652@reddit
I haven't looked into it, but is this another one of those vulnerabilities where you need to be root to exploit it anyway?
aioeu@reddit
No, you don't need to be root to exploit it.
This bug allows an unprivileged user to access files that are opened by certain kinds of set-user-ID executables. As far as I can tell, the bug itself does not let the attacker choose an arbitrary file; that is, only the files opened by this process could be also accessed by the unprivileged user.
There may be some set-user-ID executables that can open arbitrary filenames given to it by the unprivileged user, but I would say those executables are already irresponsibly insecure to begin with.
unixbhaskar@reddit
That's okay, that is why we are "patching" this damn thing for ages.....improving :)