Fedora 40 and Rawhide Security Alert Notice

If you’re on Fedora 39 like me, you’re fine.

Fedora team has issued a security alert: Urgent security alert for Fedora 41 and Fedora Rawhide users

Note, this is being addressed and the guidance provided in the link above should be followed.

I will be speaking with Fedora Leadership for guidance going forward next week.

In the meantime, please continue to use Fedora 39 (this is my daily OS) if you are using Fedora 40 and Rawhide (41).

And because folks will ask, this is something that can happen to other distros. So working with a distro that gets ahead of events like this is a mark of transparency and proper process.


Updates for:

Thank you.

Matt Hartley
Linux Support Lead for Framework Computer


Additional updates and what was affected:

Latest from Fedora team:

Update to xz issue, for Fedora 40 Beta.

“ISO as released had the old version. The bad update was only there for a few days in testing and is pulled. There’s a minor caveat that there’s a chance that some mirrors may have synced the bad updates-testing but not updated to remove it. Unlikely, but possible. I would recommend disabling the updates-testing repo before updating as a precaution.”