Sujet : xz backdoor
De : wbe (at) *nospam* UBEBLOCK.psr.com.invalid (Winston)
Groupes : comp.unix.bsd.freebsd.miscDate : 01. Apr 2024, 23:09:04
Autres entêtes
Organisation : A noiseless patient Spider
Message-ID : <yd7chghjtb.fsf@UBEblock.psr.com>
User-Agent : Gnus/5.13 (Gnus v5.13)
Saw a YouTube video about a backdoor that had been snuck into xz
that affects openssh and sshd. The vulnerability was rated
10.0 of 10.0 and the Linux distros were racing to fix it.
If I remember the video correcty, the malware only got in as of
5.6.*, and older versions are not at risk. "xz --version" says
5.4.4, so it looks like FreeBSD is safe, but maybe a newer
version of FreeBSD (13.3 or the upcoming 14.1) might need to
avoid it?
Just passing on the word. This was the video:
https://www.youtube.com/watch?v=OHAyf0qwdCs -WBE