Atemu@lemmy.ml to Linux@lemmy.ml · 4 months agobackdoor in upstream xz/liblzma leading to ssh server compromisewww.openwall.commessage-square28fedilinkarrow-up117arrow-down10cross-posted to: selfhosted@lemmy.worldprogramming@programming.dev
arrow-up117arrow-down1external-linkbackdoor in upstream xz/liblzma leading to ssh server compromisewww.openwall.comAtemu@lemmy.ml to Linux@lemmy.ml · 4 months agomessage-square28fedilinkcross-posted to: selfhosted@lemmy.worldprogramming@programming.dev
minus-squareflying_sheep@lemmy.mllinkfedilinkarrow-up0·4 months agoBackdoor only gets inserted when building RPM or DEB. So while updating frequently is a good idea, it won’t change anything for Arch users today.
minus-squarecorsicanguppy@lemmy.calinkfedilinkarrow-up1·4 months ago when building RPM or DEB. Which ones? Everything I run seems to be clear. https://access.redhat.com/security/cve/CVE-2024-3094 Products / Services Components State Enterprise Linux 6 xz Not affected Enterprise Linux 7 xz Not affected Enterprise Linux 8 xz Not affected Enterprise Linux 9 xz Not affected (and thus all the bug-for-bug clones)
Backdoor only gets inserted when building RPM or DEB. So while updating frequently is a good idea, it won’t change anything for Arch users today.
Which ones? Everything I run seems to be clear.
https://access.redhat.com/security/cve/CVE-2024-3094
(and thus all the bug-for-bug clones)