On 31/03/2024 23.11, Kevin Fenzi wrote:
> On Sun, Mar 31, 2024 at 08:55:37PM +0000, Christopher Klooz wrote:
>> The repo files should be the same on Fedora containers, so if the container is
>> F40 and the testing repo is enabled, it might have installed the malicious
>> build.
>
> Right, if it was dnf updated during the time that the bad update was in
> updates-testing.
> Folks should pull the latest and restart.
>
>> Preemptively, I added yesterday to the Fedora Discussion topic that people
>> shall also update their toolbox containers. I am not sure if a container can
>> end up in a condition that is vulnerable (especially since it has no dedicated
>> systemd), but I assume we do not know for sure at this time, and the package
>> was available to toolbox if the testing was enabled on a F40 container (I
>> assume there are already F40 containers available? Didn't verify).
>
> Yeah, best to be safe and pull the latest that doesn't have the affected
> build and rerun.
> Yes, there are f40 containers available.
>
> kevin

Great point. I adjusted the Fedora Discussion topic.