Mastodon fixes critical “TootRoot” vulnerability allowing node hijacking (arstechnica.com)
Posted by BrikoX@vlemmy.net to Technology@lemmy.world · English · 1 year ago
Cross-posted to: fediverse@kbin.social, tech@kbin.social, technology@beehaw.org

jjagaimo@lemmy.ca · 1 year ago
Directly probably not. It's more likely an implementation issue than a federation issue.
“Using carefully crafted media files, attackers can cause Mastodon’s media processing code to create arbitrary files at any location”
I doubt Lemmy and Mastodon share image parsing code

npmstart_pray@lemmy.fmhy.ml · 1 year ago
I’d not be so confident given just how quickly the rollout happened. Remember, we’re talking only a matter of weeks. (I’m a little more comfortable with things especially with the frequency of updates this far - I’ve installed 2 today)

BrikoX@vlemmy.net (OP) · 1 year ago
Lemmy has been in development since 2019. And Lemmy uses pict-rs for images.