Back

@aral it's not a remote code execution though, right? Good reminder anyway, I'll go do that.

@jonn @aral Read thru the (rather easily read) exploit explanation, and you'll see why it doesn't really matter if it's _immediately_ remotely accessable.

It's just straight up simple.

@Truck @aral I mean, it's a privelege escalation exploit, right? If you have an attacker in the system a lot of things will go wrong with or without it. But yeah, patching stuff like this is very important!

@jonn @aral Yes. And I wasn't saying you weren't going to - just that this sort of talk can cause some people who don't fully understand risk management with servers online to say "oh, I'll wait, it's not big enough." It's like sleeping... you CAN avoid it. You just will be far easier to exploit if you don't.

And I've read from a few people "well it's not that big" and I'm sorry, aren't you running Wordpress, buddy? Gosh I have NO idea how anyone could POSSIBLY exploit anything via Wordpress plugins at all that NEVER happens. Etc (:

When I read an exploit and it just smells of "braindead simple" I know someone out there is gonna expiriment, and that's gonna roll into something else, and...

No, this isn't log4j level. This is _standard, everyday_ level. Not "people don't want to run their own servers" crap, but "maintenance of everything is a good discipline."

@Truck @aral ofc