Subject : Re: Malware find in the news: xz related.
From : not (at) *nospam* telling.you.invalid (Computer Nerd Kev)
Newsgroups : comp.os.linux.misc
Date : 31. Mar 2024, 01:15:01
Organization : Ausics - https://newsgroups.ausics.net
Message-ID : <6608ab05@news.ausics.net>
References : 1 2
User-Agent : tin/2.0.1-20111224 ("Achenvoir") (UNIX) (Linux/2.4.31 (i586))
MarioCCCP <NoliMihiFrangereMentulam@libero.it> wrote:
> On 30/03/24 02:53, pH wrote:
>> I just saw this while looking through a news feed.
>>
>> https://www.helpnetsecurity.com/2024/03/29/cve-2024-3094-linux-backdoor/
>>
>> I have not read the entire article yet, but it has been said to have been
>> found accidentally.
>>
>> pH in Aptos
>
> any hints to patch the vulnerability, or will it be
> addressed soon and be released as security updates ?

The code was targeting Debian, and only reached the Testing version
of Debian, so unless you're running that it's unlikely to matter.
But the advice is to downgrade (which may be effected now as an
upgrade within package managers) from the affected liblzma versions
5.6.0 and 5.6.1 to a previous version if you're not using an older
version already anyway.
Here's a summary of the problem and what to do:
https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27
Linked from this official page on the XZ Utils project author's
website:
https://tukaani.org/xz-backdoor/

-- 
__ __#_ < |\| |< _#
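
An added example, not part of the post above and not code from the XZ Utils project: a shell check for the two liblzma versions the post names (5.6.0 and 5.6.1). The package names liblzma5 (dpkg) and xz-libs (rpm) are assumptions about the local distribution, and the version strings in the comments are constructed samples.

```shell
#!/bin/sh
# Flag liblzma 5.6.0 / 5.6.1, the versions named in the post.

# classify_version VERSION -> prints "affected" or "ok".
# Accepts upstream strings ("5.6.1") and package strings ("1:5.6.1-1").
# A "+really" suffix means the package number was kept high so the package
# manager treats a downgrade as an upgrade; the real upstream version is
# the part after "+really" (constructed sample: 5.6.1+really5.4.5-1).
classify_version() {
    v=$1
    case $v in
        *+really*) v=${v#*+really} ;;
    esac
    v=${v#*:}            # drop a package epoch such as "1:"
    v=${v%%[-+~]*}       # drop the distro revision or other suffix
    case $v in
        5.6.0|5.6.1) echo affected ;;
        *)           echo ok ;;
    esac
}

# Print every liblzma version this host reports, one per line.
installed_versions() {
    if command -v xz >/dev/null 2>&1; then
        # "xz --version" prints a "liblzma X.Y.Z" line
        xz --version 2>/dev/null | awk '$1 == "liblzma" { print $2 }'
    fi
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Version}\n' liblzma5 2>/dev/null || true
    fi
    if command -v rpm >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}\n' xz-libs 2>/dev/null | grep '^[0-9]' || true
    fi
}

# Returns non-zero if any reported version is one of the affected two.
report() {
    status=0
    for ver in $(installed_versions); do
        result=$(classify_version "$ver")
        echo "liblzma $ver: $result"
        [ "$result" = ok ] || status=1
    done
    return $status
}

report || echo "Affected liblzma found: move to a version before 5.6.0."
```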