Uhhh heads up everyone:
https://lwn.net/ml/oss-security/20240329155126.kjjfduxw2yrlxgzm@awork3.anarazel.de/

> After observing a few odd symptoms around liblzma (part of the xz package) on Debian sid installations over the last weeks (logins with ssh taking a lot of CPU, valgrind errors) I figured out the answer:

> The upstream xz repository and the xz tarballs have been backdoored.

As far as Debian is concerned, seems like only Sid was affected (fixed):
https://lists.debian.org/debian-security-announce/2024/msg00057.html

Generally, XZ Utils versions 5.6.0 and 5.6.1.

#InfoSec #Linux #Debian

This entry was edited (7 months ago)
