Atemu@lemmy.ml to Linux@lemmy.ml · 1 year agobackdoor in upstream xz/liblzma leading to ssh server compromisewww.openwall.comexternal-linkmessage-square59fedilinkarrow-up127arrow-down10cross-posted to: selfhosted@lemmy.worldlinux@lemmy.worldprogramming@programming.devsecurity@lemmy.ml
arrow-up127arrow-down1external-linkbackdoor in upstream xz/liblzma leading to ssh server compromisewww.openwall.comAtemu@lemmy.ml to Linux@lemmy.ml · 1 year agomessage-square59fedilinkcross-posted to: selfhosted@lemmy.worldlinux@lemmy.worldprogramming@programming.devsecurity@lemmy.ml
minus-squarecorsicanguppy@lemmy.calinkfedilinkarrow-up1·1 year ago when building RPM or DEB. Which ones? Everything I run seems to be clear. https://access.redhat.com/security/cve/CVE-2024-3094 Products / Services Components State Enterprise Linux 6 xz Not affected Enterprise Linux 7 xz Not affected Enterprise Linux 8 xz Not affected Enterprise Linux 9 xz Not affected (and thus all the bug-for-bug clones)
minus-squareprogandy@feddit.delinkfedilinkarrow-up1·1 year agoThose getting the most recent software versions, so nothing that should be running in a server.
minus-squareLaser@feddit.delinkfedilinkarrow-up1·1 year agoFedora 41, Fedora Rawhide, Debian Sid are the currently known affected ones AFAIK.
Which ones? Everything I run seems to be clear.
https://access.redhat.com/security/cve/CVE-2024-3094
(and thus all the bug-for-bug clones)
Those getting the most recent software versions, so nothing that should be running in a server.
Fedora 41, Fedora Rawhide, Debian Sid are the currently known affected ones AFAIK.