Re: Check If Your Distro Is Vulnerable To XZ Backdoor

Liste des GroupesRevenir à ol advocacy 
Sujet : Re: Check If Your Distro Is Vulnerable To XZ Backdoor
De : physfitfreak (at) *nospam* gmail.com (Physfitfreak)
Groupes : comp.os.linux.advocacy
Date : 03. Apr 2024, 02:56:24
Autres entêtes
Organisation : Modern Human
Message-ID : <uui9fo$2kuk$1@solani.org>
References : 1
User-Agent : Mozilla Thunderbird
On 3/31/24 08:01, Farley Flud wrote:
Run this command to check if liblzma is linked to ssh:
 ldd "$(command -v sshd)"
 For example, on Gentoo (the best distro) I get:
  linux-vdso.so.1 (0x00007ffff7fcb000)
         libcrypt.so.2 => /usr/lib64/libcrypt.so.2 (0x00007ffff7f6e000)
         libcrypto.so.3 => /usr/lib64/libcrypto.so.3 (0x00007ffff7a00000)
         libz.so.1 => /usr/lib64/libz.so.1 (0x00007ffff7f54000)
         libc.so.6 => /lib64/libc.so.6 (0x00007ffff783c000)
         /lib64/ld-linux-x86-64.so.2 (0x00007ffff7fcc000)
 Nope.  There ain't no linking to liblzma, thus Gentoo is NOT affected
regardless of what version of xz-utils is installed.
 Systemd is ultimately responsible and more and more hackers will be
looking for more and better ways of exploiting that 3 million loc
pile of junk.
 Don't say we didn't tell you so.
 To save your systems, downgrade xz-utils AND eliminate systemd.
 
What version of xz-utils is vulnerable?

Date Sujet#  Auteur
3 Apr 24 * Re: Check If Your Distro Is Vulnerable To XZ Backdoor3Physfitfreak
3 Apr 24 `* Re: Check If Your Distro Is Vulnerable To XZ Backdoor2candycanearter07
3 Apr 24  `- Re: Check If Your Distro Is Vulnerable To XZ Backdoor1Physfitfreak

Haut de la page

Les messages affichés proviennent d'usenet.

NewsPortal