I’ve tried reading through the article, but unfortunately, I’m not the sharpest tool in the shed. I use openSUSE, how does this affect me, and what do I need to do/what can I do about this?
Do you mean the specific exploit performed by the author has been fixed? Or the general vulnerability that this exploit was intended to demonstrate has been fixed? The article ends with a What’s Next section discussing the difficulty of the latter, saying
“we don’t think there’s a silver bullet to address the risks caused by the compromise of such central pieces of infrastructure”
and going into detail about the challenges for openSUSE OBS. Are you claiming those challenges have all been solved and exploits like this are no longer possible?
You don’t need to do anything, these issues have already been fixed.
Perfect. Thank you for taking the time to respond.
The authors found and reported vulnerabilities in Pagure and Open Build Service. These vulnerabilities have since been fixed.
Usually with vulnerabilities like this, they’re not gonna say anything about it until after they patch it so that people don’t go abuse it.