If you run a PeerTube instance and have not patched in the past 4 hours, you are way behind and likely have been compromised. The latest patch will help clean up the mess.
See here: https://github.com/Chocobozzz/PeerTube/releases/tag/v8.1.8
-
Also, hat tip to the PeerTube developers for being so responsive.
-
@jerry@infosec.exchange It was quite a thing to wake up to this morning. I upgraded my instance before I even had my coffee.
-
@jerry Impressive release with detections and mitigations in the notes. The team did well responding to it.
-
@jerry If you've been compromised, will a patch really clean things up? I thought the general wisdom was that you should nuke the site from orbit and perform a clean OS install + restore from backups?
-
@jerry I wonder if someone can design a SQL injection to update instances, for the users who are having trouble contacting their instance maintainers
-
@jerry@infosec.exchange It was quite a thing to wake up to this morning. I upgraded my instance before I even had my coffee.
@Jerry@hear-me.social @jerry@infosec.exchange Same... and now it's time for coffee.
-
@jerry Impressive release with detections and mitigations in the notes. The team did well responding to it.
In this day and age, an SQL injection vulnerability is clear proof of sloppiness, unless the vulnerability is in the data access library they are using, of course.
There are so many ways to access a database that make that kind of attack impossible that there is no excuse.
It is not something weird or complex; even the official PHP documentation explains clearly how to avoid them when it explains how to access a DB. Let's hope they have learned their lesson and they change all their DB code according to best practices.
We are in 2026, for God's sake.