Fedora 40 and Rawhide Security Alert

If you’re on Fedora 39 like me, you’re fine.

Fedora team has issued a security alert. Urgent security alert for Fedora 41 and Fedora Rawhide users

Note, this is being addressed and the guidance provided in the link above should be followed.

I will be speaking with Fedora Leadership for on guidance going forward next week.

In meantime, please continue to use Fedora 39 (this is my daily OS) if you are using Fedora 40 and Rawhide (41).

And because folks will ask, this is something that can happen to other distros. So working with a distro that gets ahead of events like this is a mark of transparency and proper process.


Updates for:

Thank you.

Matt Hartley
Linux Support Lead for Framework Computer

1 Like

Additional updates and what was affected:

Latest from Fedora team:

Update to xz issue, for Fedora 40 Beta.

“ISO as released had the old version. The bad update was only there for a few days in testing and is pulled. There’s a minor caveat that there’s a chance that some mirrors may have synced the bad updates-testing but not updated to remove it. Unlikely, but possible. I would recommend disabling the updates-testing repo before updating as a precaution.”

Hello Matt!
Fedora now has an official communication on the backdoor, I noticed that comments are disabled on that thread, it may prove helpful to include this communication in the post.

3 Likes

Merging threads now. Thanks!