|
Chad Waters via plug on 29 Mar 2024 11:53:19 -0700
|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
[PLUG] xz backdoor... check your boxes
|
- From: Chad Waters via plug <plug@lists.phillylinux.org>
- To: PLUG Mailing List <plug@lists.phillylinux.org>
- Subject: [PLUG] xz backdoor... check your boxes
- Date: Fri, 29 Mar 2024 18:53:05 +0000
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wooders.net; s=protonmail2; t=1711738391; x=1711997591; bh=tJ+srV26UMNLo3vXYqgnfvpu6pbBzkW8drcTuHFKwLM=; h=Date:To:From:Subject:Message-ID:Feedback-ID:From:To:Cc:Date: Subject:Reply-To:Feedback-ID:Message-ID:BIMI-Selector; b=ujWNAOngj4GIqCSNGb4ybK5pQG8EQpIeYEbf4uCRIVZKi2kG0W6xCkdkrQjl/1MRR nGob1hpuAvHB+utNg7LDnBP4LWC0Ey/4KTr0vEDXz577Xqrmf0TdbthJDHnU/HNwm8 SjyPZc0SBfyXTlzias5YzIIxMyhA8zfv0CSNQfLkOzc4VGAugi7nSDWb6/pWyti5NH yHHSya4pzlrkAYmTyPQtX+l1NjQ05a9yEE+ZNBaIbvmfosgyF1Y4vNnuJte6IlShx0 YYoOABAMJGJS/zD7S1l09yKQPhe/yJtSKfjm6jP3AW0LM1moez5CYnrZl6wqFTLp2F 4S5SwFNTMgGVw==
- Feedback-id: 42454885:user:proton
- Reply-to: Chad Waters <plug@wooders.net>
- Sender: "plug" <plug-bounces@lists.phillylinux.org>
Check your xz packages. Upstream 5.6.x contains malicious code. You should be reverting back to 5.4.x. Its made it way into some bleeding edge/development distros.
https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
https://www.openwall.com/lists/oss-security/2024/03/29/4
It made its way into Debian Sid and Testing (and has been reverted).
https://tracker.debian.org/pkg/xz-utils
-Chad
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug