GNU/Linux News in the Era of Science and Reason
THE news about "Linux" this past week contained unwarranted misinformation and clickbait. An issue in a library that is not connected to Linux (it is GNU, actually) is being mischaracterised, and so is the severity of the issue.
The short story is that people are at risk if they do not patch their distribution and, in addition, they acquire some software from some random site that takes advantage of a hole unknown until less than a week ago. Exploitation of the hole would likely never happen by merely upgrading existing (already installed) software like Firefox because Mozilla does not want to trick all of its users into taking "poisonous" builds that steal root access. What for anyway? What's to gain?
As such, a more reasonable and factual reporter would simply state that there is this package that many GNU/Linux distros have in them, that it needs to be updated (patched), and that if one installs some random binary found somewhere online (not from trusted sources), then there's a possibility that the binary will cause damage not only at user(space) level but also at root level. There's also the possibility that untrusted, malicious actors with an account on your server can get greater access than before (unless the system is patched quickly). But even shared hosting would have ways of tracing back who's on the system (e.g. bank accounts).
That local privilege escalation flaws are treated like a case of "sky is falling" is concerning. We have seen nearly 15 headlines about it so far this week and most got the news wrong.
GNU/Linux comes from the scientific community, not the business world. We should care for facts and not be tolerant of business-sponsored spin, scaremongering etc. █