Language Selection

English French German Italian Portuguese Spanish

Gentoo Infrastructure Press Release

Filed under
Gentoo
Security

On August 7, 2007, bannedit reported bug 187971 regarding a possible command injection vulnerability within http://packages.gentoo.org. The Infrastructure team verified the vulnerability and the server was immediately taken down to prevent further exploitation and to allow for forensic analysis.

The server hosted the following sites and services:

archives.gentoo.org
packagestest.gentoo.org
scripts.gentoo.org
archivestest.gentoo.org
kiss.gentoo.org
packages.gentoo.org
stats.gentoo.org
survey.gentoo.org

While no ETA is currently available, the affected sites and services will be restored. The affected server will be rebuilt while the packages.gentoo.org service's source undergoes a full security audit prior to being restored. The tree and all other services were unaffected.




More in Tux Machines

Android Leftovers

GNOME Shell vs. KDE Plasma Graphics Tests On Wayland vs. X.Org Server

A premium member this week had requested some benchmarks of openSUSE Tumbleweed when looking at the performance of KDE Plasma vs. GNOME Shell in some open-source graphics/gaming tests while also looking at the Wayland vs. X.Org Server performance. With KDE Plasma 5.12 that openSUSE Tumbleweed has picked up, there is much better Wayland session support compared to previous releases. While KDE developers aren't yet ready to declare their Wayland session the default, in my experience so far it's been working out very well but still routinely will find application crashes in Kate and the like when testing under the KWin's Wayland compositor. Read more

Stable kernels 4.15.6, 4.14.22, 4.9.84, 4.4.118 and 3.18.96

Android Leftovers