Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> I am an admin, and it's not clear _how_ I might fix this at the server end.

You're just hearing about this early as it's the first hours of public disclosure. There are 3 CVE's assigned. You'll track those with your vendors or upstream and patch as fixes become available, which they already should be for at least some implementations that had earlier disclosure. The main issue is CVE-2023-48795. It does not appear there is any immediate need to implement compensating controls or workarounds at this time, but that assessment really depends on your own environment, security policy, and risk tolerance.



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: