| Rich Mingin (PLUG) via plug on 29 Mar 2024 12:16:04 -0700 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: [PLUG] xz backdoor... check your boxes |
Arch Linux *was* affected, but has released an updated/fixed build. Ensure any Arch-based distros have 5.6.1-2 or greater installed. On Fri, Mar 29, 2024 at 2:53 PM Chad Waters via plug <plug@lists.phillylinux.org> wrote: > > Check your xz packages. Upstream 5.6.x contains malicious code. You should be reverting back to 5.4.x. Its made it way into some bleeding edge/development distros. > > https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users > > https://www.openwall.com/lists/oss-security/2024/03/29/4 > > It made its way into Debian Sid and Testing (and has been reverted). > https://tracker.debian.org/pkg/xz-utils > > -Chad > ___________________________________________________________________________ > Philadelphia Linux Users Group -- http://www.phillylinux.org > Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce > General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug