this post was submitted on 30 Apr 2026
323 points (98.2% liked)

Selfhosted

56957 readers
1256 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
323
Serious Linux vulnerability affecting nearly every system. Patch your systems. (copy.fail)
submitted 1 day ago by Flax_vert@feddit.uk to c/selfhosted@lemmy.world
71 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] ShortN0te@lemmy.ml 2 points 19 hours ago (1 children)

Looking at the CVE on NIST,i found following commit which dates to 30.03

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5

[–] WhyJiffie@sh.itjust.works 3 points 15 hours ago (1 children)

the debian cve tracker also links to that page, but they have written 7.0-rc7 besides it.

https://security-tracker.debian.org/tracker/CVE-2026-31431

the openwall link has some comments that talk about the delayed patches, Greg KH also commented.

[–] ShortN0te@lemmy.ml 2 points 13 hours ago

7.0-rc7 is probably due to the 7.0 release early mid april. So the fix was in the mainline on 1st of April. The commit on 11th from GKH was probably due to the release.

I am not that familiar with the commit and release structure to get more into detail. But to me it clearly looks like the statement on copy.fail is correct, that the fix was in mainline on 1st of April.

From my point of view, I would suggest that maybe the communication downstream to the distros was not handled that well? But who would be to blaim? The researches that would need to communicate this issue to most existing distros? Linux maintainers? Distro maintainers?

Hard to say, without knowing the communication of the related mailinglists and disclousre etc.