Comment by thom

12 hours ago

After all these years, we finally have enough eyeballs that all bugs are shallow, and it kinda sucks. How many times a week am I going to be updating my kernel from now on?

I haven't updated mine. I have a firewall and it's not exposed to the Internet. Need a key to SSH in. Same with my public facing server. Almost none of these exploits are "drop everything now and patch" unless you are somehow exposing yourself stupidly.

  • > unless you are somehow exposing yourself stupidly

    Or, y'know, offer some forms of compute as a service.

  • If you’re running any sort of CI you’re probably going to have a bad couple of days if everything goes well

    • To be honest, CI has always been a massive risk, I'm a bit miffed at how blasé some people are about providing runners.

I sort of always expect there to be an LPE to root on Linux tbh, if anything this is great news and Linux might be a useful multiuser system after all.

With how things are going the question should be ‘is twice a day often enough?’

  • At the moment it doesn't seem to be.

    Within an hour of being advised of, and running the mitigation for, DirtyFrag, my upstream provider has blocked all WHM/cPanel/SSH/FTP/SFTP access with a heads-up on:

    CVE-2026-29201 CVE-2026-29202 CVE-2026-29203

    which look like a repeat of CVE-2026-41940 a week ago.

So you think someone is going to break into your house, find your default credentials somehow and get root access?

  • I think when there’s a step change in our ability to find one type of vulnerability, other types of vulnerability are probably going to become more common as well. Let’s see where we stand at the end of the year.