On Sun, Mar 31, 2024 at 08:55:37PM +0000, Christopher Klooz wrote: > The repo files should be the same on Fedora containers, so if the container > is F40 and the testing repo is enabled, it might have installed the malicious > build.
Right, if it was dnf updated during the time that the bad update was in updates-testing. Folks should pull the latest and restart. > Preemptively, I added yesterday to the Fedora Discussion topic that people > shall also update their toolbox containers. I am not sure if a container can > end up in a condition that is vulnerable (especially since it has no > dedicated systemd), but I assume we do not know for sure at this time, and > the package was available to toolbox if the testing was enabled on a F40 > container (I assume there are already F40 containers available? Didn't > verify). Yeah, best to be safe and pull the latest that doesn't have the affected build and rerun. Yes, there are f40 containers available. kevin
signature.asc
Description: PGP signature
-- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue