this post was submitted on 04 Oct 2023
140 points (95.5% liked)

Linux

48149 readers
599 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 19 points 1 year ago (1 children)

An interesting fact about the affected versions: It was introduced in 2.34, so there was a comment on hackernews that Red Hat 8 isn't affected because it ships with an earlier version. However, from Red Hat's customer Portal:

Statement

This vulnerability was introduced in glibc 2.34 in commit 2ed18c. The commit that introduced the vulnerability was backported to RHEL-8.6 and is affected.

So just checking version numbers for vulnerabilities isn't really enough. I had a similar discussion at work lately where a CVE fix was listed in a stable kernel's changelog even though going by the vulnerable versions listed in the CVE itself, that kernel wasn't affected.

[–] [email protected] 5 points 1 year ago

So if RHEL is affected, it means Rocky and AlmaLinux is too.