Re: Wayland on Kubuntu 22.04
I looked up the two cards you mentioned and they perform pretty much the same, but they appear to blow the GT710 out of the water if this is to be believed. I think I'll give up on getting nvenc to work on the gt 710. I imagine the rx580 will do much better. https://gpu.userbenchmark.com/Compare/Nvidia-GeForce-GT-710-vs-AMD-RX-580/m77649vs3923 On 3/28/24 14:05, Stephen Partington via PLUG-discuss wrote: The closest modern card are going to be the RX 580's or 5500xt Thise are in the 50-100 price range that the 710 is. On Thu, Mar 28, 2024, 4:58 PM Jim via PLUG-discuss wrote: The card I have now is a GeForce GT 710. What Radeon card would be equivalent to that? I don't want to buy something that turns out to be slower. On 3/26/24 10:04, Stephen Partington via PLUG-discuss wrote: Also amd flagship cards are getting tremendous performance gains under vulkan. On Tue, Mar 26, 2024, 8:52 AM Steve Litt via PLUG-discuss wrote: Jim via PLUG-discuss said on Sun, 24 Mar 2024 12:58:34 -0700 >I have an Nvidia card. The computer has an Intel gpu. I would think >that Nvidia support should come along sooner or later. I doubt it. They won't reveal the interface without an NDA that Free Software developers can't sign. >There are a lot >of Nvidia users out there. Nvidia doesn't care. They're in the top 6 worldwide richest corporations because of their leadership in AI chips, so they don't care about a few Linux people stuck with Nvidia hardware. If you can, I'd advise you to do what I did and switch from Nvidia to Radeon the minute your machine exhibits the slightest flakiness or video artifacts. SteveT Steve Litt Autumn 2023 featured book: Rapid Learning for the 21st Century http://www.troubleshooters.com/rl21 --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list:PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list:PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss--- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Handbrake won't use nvenc
They are likely interrelated. Maybe this can help you?
https://forums.developer.nvidia.com/t/install-nvenc-12-x-with-libnvidia-compute-server-525/276013
On Sat, Mar 30, 2024, 6:43 PM Jim via PLUG-discuss <
plug-discuss@lists.phxlinux.org> wrote:
> Any idea how I would fix that? I saw where it said nvdec isn't there, but
> I'm trying to use nvenc? Will it refuse to work if nvdec is missing?
> On 3/30/24 14:49, Stephen Partington via PLUG-discuss wrote:
>
> nvdec: is not compiled into this build
>
> That seems to be the issue.
>
> On Sat, Mar 30, 2024, 5:03 PM Jim via PLUG-discuss <
> plug-discuss@lists.phxlinux.org> wrote:
>
>> Here's a recap of my last post. I had Ubuntu 22.04 installed on this
>> machine. I had Handbrake using the Nvenc option. Recently I had to
>> reinstall the OS. Now Nvendc doesn't work. I didn't change any
>> hardware. Handbrake gives me an error now. Today I tried again and
>> clicked the button for the Activity window. Here's what was in it.
>>
>>
>> OS: Ubuntu 22.04.4 LTS
>> HandBrake 1.7.3 (2023082100)
>> Kernel: Linux 5.15.0-100-generic (x86_64)
>> CPU: Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz x 4
>> Install Dir: /usr/bin
>> Config Dir: /home/delboy/.config/ghb
>> ___
>>
>> [13:40:34] Compile-time hardening features are enabled
>> [13:40:34] nvenc: version 11.1 is available
>> [13:40:34] nvdec: is not compiled into this build
>> [13:40:34] CUDA Version: 3.5
>> [13:40:34] vcn: not available on this system
>> [13:40:34] qsv: not available on this system
>> [13:40:34] hb_init: starting libhb thread
>> [13:40:34] hb_init: starting libhb thread
>> [13:40:34] hb_init: starting libhb thread
>> [13:40:40] CPU: Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz
>> [13:40:40] - Intel microarchitecture Ivy Bridge
>> [13:40:40] - logical processor count: 4
>> [13:40:40] Intel Quick Sync Video support: no
>> [13:40:40] hb_scan: path=/home/delboy/a.mp4, title_index=0
>> Input #0, mov,mp4,m4a,3gp,3g2,mj2, from '/home/delboy/a.mp4':
>>Metadata:
>> major_brand : isom
>> minor_version : 512
>> compatible_brands: isomiso2avc1mp41
>> encoder : Lavf58.76.100
>>Duration: 00:00:16.58, start: 0.00, bitrate: 2144 kb/s
>>Stream #0:0[0x1](und): Video: h264 (Main) (avc1 / 0x31637661),
>> yuv420p(tv, bt709, progressive), 1920x1080 [SAR 1:1 DAR 16:9], 1979
>> kb/s, 25 fps, 25 tbr, 12800 tbn (default)
>> Metadata:
>>handler_name: VideoHandler
>>vendor_id : [0][0][0][0]
>>Stream #0:1[0x2](und): Audio: aac (LC) (mp4a / 0x6134706D), 48000 Hz,
>> stereo, fltp, 161 kb/s (default)
>> Metadata:
>>handler_name: SoundHandler
>>vendor_id : [0][0][0][0]
>> [13:40:41] scan: decoding previews for title 1
>> [13:40:41] scan: audio 0x1: aac, rate=48000Hz, bitrate=161200 Unknown
>> (AAC LC, 2.0 ch, 161 kbps)
>> [13:40:41] using container PAR 1:1
>> [13:40:41] scan: 10 previews, 1920x1080, 25.000 fps, autocrop = 0/6/0/0,
>> aspect 16:9, PAR 1:1, color profile: 1-1-1, chroma location: left
>> [13:40:41] Title is likely interlaced or telecined (10 out of 10
>> previews). You should do something about that.
>> [13:40:41] libhb: scan thread found 1 valid title(s)
>> [13:40:55] gtkgui: Custom Preset: /General/1080p 4:3
>> [13:40:55] Starting work at: Sat Mar 30 13:40:55 2024
>>
>> [13:40:55] 1 job(s) to process
>> [13:40:55] json job:
>> {
>> "Audio": {
>> "AudioList": [
>> {
>> "Bitrate": 0,
>> "DRC": 0.0,
>> "Encoder": "copy:aac",
>> "Mixdown": "none",
>> "PresetEncoder": "copy",
>> "Quality": -3.0,
>> "Samplerate": 0,
>> "Track": 0
>> }
>> ],
>> "CopyMask": [
>> "copy:mp3",
>> "copy:aac",
>> "copy:ac3",
>> "copy:dts",
>> "copy:dtshd",
>> "copy:eac3",
>> "copy:flac",
>> "copy:truehd"
>> ],
>> "FallbackEncoder": "av_aac"
>> },
>> "Destination": {
>> "AlignAVStart": false,
>> "ChapterList": [
>> {
>> "Duration": {
>> "Hours": 0,
>> "Minutes": 0,
>> "Seconds": 16,
>> "Ticks": 1491840
>> },
>> "Name": ""
>> }
>> ],
>> "ChapterMarkers": false,
>> "File": "/home/delboy/desktop1/a.mkv",
>> "InlineParameterSets": false,
>> "Mux": "mkv",
>> "Options": {
>> "IpodAtom": false,
>> "Optimize": false
>> }
>> },
>> "Filters": {
>> "FilterList": [
>> {
>> "ID": 4,
>> "Settings": {
>> "block-height": "16",
>>
Re: Handbrake won't use nvenc
Any idea how I would fix that? I saw where it said nvdec isn't there,
but I'm trying to use nvenc? Will it refuse to work if nvdec is missing?
On 3/30/24 14:49, Stephen Partington via PLUG-discuss wrote:
nvdec: is not compiled into this build
That seems to be the issue.
On Sat, Mar 30, 2024, 5:03 PM Jim via PLUG-discuss
wrote:
Here's a recap of my last post. I had Ubuntu 22.04 installed on this
machine. I had Handbrake using the Nvenc option. Recently I had to
reinstall the OS. Now Nvendc doesn't work. I didn't change any
hardware. Handbrake gives me an error now. Today I tried again and
clicked the button for the Activity window. Here's what was in it.
OS: Ubuntu 22.04.4 LTS
HandBrake 1.7.3 (2023082100)
Kernel: Linux 5.15.0-100-generic (x86_64)
CPU: Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz x 4
Install Dir: /usr/bin
Config Dir: /home/delboy/.config/ghb
___
[13:40:34] Compile-time hardening features are enabled
[13:40:34] nvenc: version 11.1 is available
[13:40:34] nvdec: is not compiled into this build
[13:40:34] CUDA Version: 3.5
[13:40:34] vcn: not available on this system
[13:40:34] qsv: not available on this system
[13:40:34] hb_init: starting libhb thread
[13:40:34] hb_init: starting libhb thread
[13:40:34] hb_init: starting libhb thread
[13:40:40] CPU: Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz
[13:40:40] - Intel microarchitecture Ivy Bridge
[13:40:40] - logical processor count: 4
[13:40:40] Intel Quick Sync Video support: no
[13:40:40] hb_scan: path=/home/delboy/a.mp4, title_index=0
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from '/home/delboy/a.mp4':
Metadata:
major_brand : isom
minor_version : 512
compatible_brands: isomiso2avc1mp41
encoder : Lavf58.76.100
Duration: 00:00:16.58, start: 0.00, bitrate: 2144 kb/s
Stream #0:0[0x1](und): Video: h264 (Main) (avc1 / 0x31637661),
yuv420p(tv, bt709, progressive), 1920x1080 [SAR 1:1 DAR 16:9], 1979
kb/s, 25 fps, 25 tbr, 12800 tbn (default)
Metadata:
handler_name : VideoHandler
vendor_id : [0][0][0][0]
Stream #0:1[0x2](und): Audio: aac (LC) (mp4a / 0x6134706D),
48000 Hz,
stereo, fltp, 161 kb/s (default)
Metadata:
handler_name : SoundHandler
vendor_id : [0][0][0][0]
[13:40:41] scan: decoding previews for title 1
[13:40:41] scan: audio 0x1: aac, rate=48000Hz, bitrate=161200 Unknown
(AAC LC, 2.0 ch, 161 kbps)
[13:40:41] using container PAR 1:1
[13:40:41] scan: 10 previews, 1920x1080, 25.000 fps, autocrop =
0/6/0/0,
aspect 16:9, PAR 1:1, color profile: 1-1-1, chroma location: left
[13:40:41] Title is likely interlaced or telecined (10 out of 10
previews). You should do something about that.
[13:40:41] libhb: scan thread found 1 valid title(s)
[13:40:55] gtkgui: Custom Preset: /General/1080p 4:3
[13:40:55] Starting work at: Sat Mar 30 13:40:55 2024
[13:40:55] 1 job(s) to process
[13:40:55] json job:
{
"Audio": {
"AudioList": [
{
"Bitrate": 0,
"DRC": 0.0,
"Encoder": "copy:aac",
"Mixdown": "none",
"PresetEncoder": "copy",
"Quality": -3.0,
"Samplerate": 0,
"Track": 0
}
],
"CopyMask": [
"copy:mp3",
"copy:aac",
"copy:ac3",
"copy:dts",
"copy:dtshd",
"copy:eac3",
"copy:flac",
"copy:truehd"
],
"FallbackEncoder": "av_aac"
},
"Destination": {
"AlignAVStart": false,
"ChapterList": [
{
"Duration": {
"Hours": 0,
"Minutes": 0,
"Seconds": 16,
"Ticks": 1491840
},
"Name": ""
}
],
"ChapterMarkers": false,
"File": "/home/delboy/desktop1/a.mkv",
"InlineParameterSets": false,
"Mux": "mkv",
"Options": {
"IpodAtom": false,
"Optimize": false
}
},
"Filters": {
"FilterList": [
{
"ID": 4,
"Settings": {
"block-height": "16",
"block-thresh": "40",
"block-width": "16",
"filter-mode": "2",
"mode": "3",
Re: Handbrake won't use nvenc
nvdec: is not compiled into this build
That seems to be the issue.
On Sat, Mar 30, 2024, 5:03 PM Jim via PLUG-discuss <
plug-discuss@lists.phxlinux.org> wrote:
> Here's a recap of my last post. I had Ubuntu 22.04 installed on this
> machine. I had Handbrake using the Nvenc option. Recently I had to
> reinstall the OS. Now Nvendc doesn't work. I didn't change any
> hardware. Handbrake gives me an error now. Today I tried again and
> clicked the button for the Activity window. Here's what was in it.
>
>
> OS: Ubuntu 22.04.4 LTS
> HandBrake 1.7.3 (2023082100)
> Kernel: Linux 5.15.0-100-generic (x86_64)
> CPU: Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz x 4
> Install Dir: /usr/bin
> Config Dir: /home/delboy/.config/ghb
> ___
>
> [13:40:34] Compile-time hardening features are enabled
> [13:40:34] nvenc: version 11.1 is available
> [13:40:34] nvdec: is not compiled into this build
> [13:40:34] CUDA Version: 3.5
> [13:40:34] vcn: not available on this system
> [13:40:34] qsv: not available on this system
> [13:40:34] hb_init: starting libhb thread
> [13:40:34] hb_init: starting libhb thread
> [13:40:34] hb_init: starting libhb thread
> [13:40:40] CPU: Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz
> [13:40:40] - Intel microarchitecture Ivy Bridge
> [13:40:40] - logical processor count: 4
> [13:40:40] Intel Quick Sync Video support: no
> [13:40:40] hb_scan: path=/home/delboy/a.mp4, title_index=0
> Input #0, mov,mp4,m4a,3gp,3g2,mj2, from '/home/delboy/a.mp4':
>Metadata:
> major_brand : isom
> minor_version : 512
> compatible_brands: isomiso2avc1mp41
> encoder : Lavf58.76.100
>Duration: 00:00:16.58, start: 0.00, bitrate: 2144 kb/s
>Stream #0:0[0x1](und): Video: h264 (Main) (avc1 / 0x31637661),
> yuv420p(tv, bt709, progressive), 1920x1080 [SAR 1:1 DAR 16:9], 1979
> kb/s, 25 fps, 25 tbr, 12800 tbn (default)
> Metadata:
>handler_name: VideoHandler
>vendor_id : [0][0][0][0]
>Stream #0:1[0x2](und): Audio: aac (LC) (mp4a / 0x6134706D), 48000 Hz,
> stereo, fltp, 161 kb/s (default)
> Metadata:
>handler_name: SoundHandler
>vendor_id : [0][0][0][0]
> [13:40:41] scan: decoding previews for title 1
> [13:40:41] scan: audio 0x1: aac, rate=48000Hz, bitrate=161200 Unknown
> (AAC LC, 2.0 ch, 161 kbps)
> [13:40:41] using container PAR 1:1
> [13:40:41] scan: 10 previews, 1920x1080, 25.000 fps, autocrop = 0/6/0/0,
> aspect 16:9, PAR 1:1, color profile: 1-1-1, chroma location: left
> [13:40:41] Title is likely interlaced or telecined (10 out of 10
> previews). You should do something about that.
> [13:40:41] libhb: scan thread found 1 valid title(s)
> [13:40:55] gtkgui: Custom Preset: /General/1080p 4:3
> [13:40:55] Starting work at: Sat Mar 30 13:40:55 2024
>
> [13:40:55] 1 job(s) to process
> [13:40:55] json job:
> {
> "Audio": {
> "AudioList": [
> {
> "Bitrate": 0,
> "DRC": 0.0,
> "Encoder": "copy:aac",
> "Mixdown": "none",
> "PresetEncoder": "copy",
> "Quality": -3.0,
> "Samplerate": 0,
> "Track": 0
> }
> ],
> "CopyMask": [
> "copy:mp3",
> "copy:aac",
> "copy:ac3",
> "copy:dts",
> "copy:dtshd",
> "copy:eac3",
> "copy:flac",
> "copy:truehd"
> ],
> "FallbackEncoder": "av_aac"
> },
> "Destination": {
> "AlignAVStart": false,
> "ChapterList": [
> {
> "Duration": {
> "Hours": 0,
> "Minutes": 0,
> "Seconds": 16,
> "Ticks": 1491840
> },
> "Name": ""
> }
> ],
> "ChapterMarkers": false,
> "File": "/home/delboy/desktop1/a.mkv",
> "InlineParameterSets": false,
> "Mux": "mkv",
> "Options": {
> "IpodAtom": false,
> "Optimize": false
> }
> },
> "Filters": {
> "FilterList": [
> {
> "ID": 4,
> "Settings": {
> "block-height": "16",
> "block-thresh": "40",
> "block-width": "16",
> "filter-mode": "2",
> "mode": "3",
> "motion-thresh": "1",
> "spatial-metric": "2",
> "spatial-thresh": "1"
> }
> },
> {
> "ID": 5,
> "Settings": {
> "mode": "7"
> }
> },
> {
> "ID": 10,
> "Settings": {
> "mode": 1
>
Re: Handbrake won't use nvenc
Here's a recap of my last post. I had Ubuntu 22.04 installed on this
machine. I had Handbrake using the Nvenc option. Recently I had to
reinstall the OS. Now Nvendc doesn't work. I didn't change any
hardware. Handbrake gives me an error now. Today I tried again and
clicked the button for the Activity window. Here's what was in it.
OS: Ubuntu 22.04.4 LTS
HandBrake 1.7.3 (2023082100)
Kernel: Linux 5.15.0-100-generic (x86_64)
CPU: Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz x 4
Install Dir: /usr/bin
Config Dir: /home/delboy/.config/ghb
___
[13:40:34] Compile-time hardening features are enabled
[13:40:34] nvenc: version 11.1 is available
[13:40:34] nvdec: is not compiled into this build
[13:40:34] CUDA Version: 3.5
[13:40:34] vcn: not available on this system
[13:40:34] qsv: not available on this system
[13:40:34] hb_init: starting libhb thread
[13:40:34] hb_init: starting libhb thread
[13:40:34] hb_init: starting libhb thread
[13:40:40] CPU: Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz
[13:40:40] - Intel microarchitecture Ivy Bridge
[13:40:40] - logical processor count: 4
[13:40:40] Intel Quick Sync Video support: no
[13:40:40] hb_scan: path=/home/delboy/a.mp4, title_index=0
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from '/home/delboy/a.mp4':
Metadata:
major_brand : isom
minor_version : 512
compatible_brands: isomiso2avc1mp41
encoder : Lavf58.76.100
Duration: 00:00:16.58, start: 0.00, bitrate: 2144 kb/s
Stream #0:0[0x1](und): Video: h264 (Main) (avc1 / 0x31637661),
yuv420p(tv, bt709, progressive), 1920x1080 [SAR 1:1 DAR 16:9], 1979
kb/s, 25 fps, 25 tbr, 12800 tbn (default)
Metadata:
handler_name : VideoHandler
vendor_id : [0][0][0][0]
Stream #0:1[0x2](und): Audio: aac (LC) (mp4a / 0x6134706D), 48000 Hz,
stereo, fltp, 161 kb/s (default)
Metadata:
handler_name : SoundHandler
vendor_id : [0][0][0][0]
[13:40:41] scan: decoding previews for title 1
[13:40:41] scan: audio 0x1: aac, rate=48000Hz, bitrate=161200 Unknown
(AAC LC, 2.0 ch, 161 kbps)
[13:40:41] using container PAR 1:1
[13:40:41] scan: 10 previews, 1920x1080, 25.000 fps, autocrop = 0/6/0/0,
aspect 16:9, PAR 1:1, color profile: 1-1-1, chroma location: left
[13:40:41] Title is likely interlaced or telecined (10 out of 10
previews). You should do something about that.
[13:40:41] libhb: scan thread found 1 valid title(s)
[13:40:55] gtkgui: Custom Preset: /General/1080p 4:3
[13:40:55] Starting work at: Sat Mar 30 13:40:55 2024
[13:40:55] 1 job(s) to process
[13:40:55] json job:
{
"Audio": {
"AudioList": [
{
"Bitrate": 0,
"DRC": 0.0,
"Encoder": "copy:aac",
"Mixdown": "none",
"PresetEncoder": "copy",
"Quality": -3.0,
"Samplerate": 0,
"Track": 0
}
],
"CopyMask": [
"copy:mp3",
"copy:aac",
"copy:ac3",
"copy:dts",
"copy:dtshd",
"copy:eac3",
"copy:flac",
"copy:truehd"
],
"FallbackEncoder": "av_aac"
},
"Destination": {
"AlignAVStart": false,
"ChapterList": [
{
"Duration": {
"Hours": 0,
"Minutes": 0,
"Seconds": 16,
"Ticks": 1491840
},
"Name": ""
}
],
"ChapterMarkers": false,
"File": "/home/delboy/desktop1/a.mkv",
"InlineParameterSets": false,
"Mux": "mkv",
"Options": {
"IpodAtom": false,
"Optimize": false
}
},
"Filters": {
"FilterList": [
{
"ID": 4,
"Settings": {
"block-height": "16",
"block-thresh": "40",
"block-width": "16",
"filter-mode": "2",
"mode": "3",
"motion-thresh": "1",
"spatial-metric": "2",
"spatial-thresh": "1"
}
},
{
"ID": 5,
"Settings": {
"mode": "7"
}
},
{
"ID": 10,
"Settings": {
"mode": 1
}
},
{
"ID": 19,
"Settings": {
"crop-bottom": 6,
"crop-left": 0,
"crop-right": 0,
"crop-top": 0,
"height": 1074,
"width": 1920
}
}
]
},
"Metadata": {
"Name": "a"
},
"PAR": {
"Den": 1,
"Num": 1
},
"SequenceID": 0,
"Source": {
Re: security: check xc-utils versions
Fedora 38 and 39 is not affected. But the Fedora 40 Beta is affected and they are changing to a previous version in the Beta before it gets released to all users. Harold Hartley Sent with Proton Mail secure email. On Saturday, March 30th, 2024 at 09:35, Matthew Crews via PLUG-discuss wrote: > > On 3/29/24 13:18, der.hans via PLUG-discuss wrote: > > > moin moin, > > > > someone patched a potential remote exploit into xz-utils. It seems it can > > compromise sshd. > > > > The exploit was added in February affecting versions 5.6.0 and 5.6.1, but > > the exploiter has been around a while, so watch for updates. > > > > https://www.openwall.com/lists/oss-security/2024/03/29/4 > > > > https://lists.debian.org/debian-security-announce/2024/msg00057.html > > > > https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users > > > > ciao, > > > > der.hans > > > This, ladies and gentlemen, is what a Supply Chain Attack looks like. > > While I'm not sure that this specific vulnerability led to much harm > (who knows yet?), we're going to be feeling the after-shocks in the open > source and security industries for a long time. > > Among the many questions that need to be asked: > > 1. How can we trust source tarballs / archive files to be 100% correct > versus source code? > 2. Without looking at the source code line-by-line, how do we detect > supply chain attacks before they are propagated to end users? > 3. How do we properly vet source code contributors to make sure they > aren't going to perform supply chain attacks? > > -Matt > --- > PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: security: check xc-utils versions
On 3/29/24 13:18, der.hans via PLUG-discuss wrote: moin moin, someone patched a potential remote exploit into xz-utils. It seems it can compromise sshd. The exploit was added in February affecting versions 5.6.0 and 5.6.1, but the exploiter has been around a while, so watch for updates. https://www.openwall.com/lists/oss-security/2024/03/29/4 https://lists.debian.org/debian-security-announce/2024/msg00057.html https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users ciao, der.hans This, ladies and gentlemen, is what a Supply Chain Attack looks like. While I'm not sure that this specific vulnerability led to much harm (who knows yet?), we're going to be feeling the after-shocks in the open source and security industries for a long time. Among the many questions that need to be asked: 1. How can we trust source tarballs / archive files to be 100% correct versus source code? 2. Without looking at the source code line-by-line, how do we detect supply chain attacks before they are propagated to end users? 3. How do we properly vet source code contributors to make sure they aren't going to perform supply chain attacks? -Matt --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
