PSA: Backdoor in latest version of xz: https://openwall.com/lists/oss-security/2024/03/29/4
Downgrade if you’re running one of the latest xz versions, it has been compromised. If you’re using mainstream distros, you may be fine (as they lag with versions a bit behind master). If you’re running Alpine or any other non-gnu or non-systemd distro, you should be fine too (the exploit checks for GNU, and also probably won’t work with distro-unpatched sshd)
Emily! :Blobhaj_Witch_Broom: /
npub1ng…sgs86
2024-03-29 16:49:39
Author Public Key
npub1ngslnpcavc09e9l34de0608hr66ktpr8fyudckvycju23nmlynmsrsgs86Published at
2024-03-29 16:49:39Event JSON
{
"id": "8ef2f10360e644da365b15fe9ecf298f2f90a7ba48682e268fdc8622217d1a29",
"pubkey": "9a21f9871d661e5c97f1ab72fd3cf71eb56584674938dc5984c4b8a8cf7f24f7",
"created_at": 1711730979,
"kind": 1,
"tags": [
[
"proxy",
"https://donotsta.re/objects/99c56ab5-da01-4b1e-bd2c-8b87a6263a5e",
"activitypub"
]
],
"content": "PSA: Backdoor in latest version of xz: https://openwall.com/lists/oss-security/2024/03/29/4\n\nDowngrade if you’re running one of the latest xz versions, it has been compromised. If you’re using mainstream distros, you may be fine (as they lag with versions a bit behind master). If you’re running Alpine or any other non-gnu or non-systemd distro, you should be fine too (the exploit checks for GNU, and also probably won’t work with distro-unpatched sshd)",
"sig": "70086b84358e12f8ffcc06f87f47f07b2de0214d7f3ab722e1d6c6ccca504a99973c492d7f69a75a074d09166d4c1183153dde80a2f8745ec28e2bc9765cac33"
}