Heads up if using the testing / unstable version of Debian, Ubuntu, NixOS or other Linux OS based on these, there is malicious code in the latest xz package: https://www.openwall.com/lists/oss-security/2024/03/29/4
>The malicious injection present in the xz versions 5.6.0 and 5.6.1
>Luckily xz 5.6.0 and 5.6.1 have not yet widely been integrated by linux distributions, and where they have, mostly in pre-release versions.
Running stable versions are fine:
₿ xz --version
xz (XZ Utils) 5.4.1
liblzma 5.4.1
openoms
npub14t…shy62
2024-03-29 20:24:12
Author Public Key
npub14tq8m9ggnnn2muytj9tdg0q6f26ef3snpd7ukyhvrxgq33vpnghs8shy62Published at
2024-03-29 20:24:12Event JSON
{
"id": "26da0392766609e81daa88cac559b203cd09b7c1e39d0ed886b95df35b35699a",
"pubkey": "aac07d95089ce6adf08b9156d43c1a4ab594c6130b7dcb12ec199008c5819a2f",
"created_at": 1711743852,
"kind": 1,
"tags": [],
"content": "Heads up if using the testing / unstable version of Debian, Ubuntu, NixOS or other Linux OS based on these, there is malicious code in the latest xz package: https://www.openwall.com/lists/oss-security/2024/03/29/4\n\n\u003eThe malicious injection present in the xz versions 5.6.0 and 5.6.1\n\u003eLuckily xz 5.6.0 and 5.6.1 have not yet widely been integrated by linux distributions, and where they have, mostly in pre-release versions.\n\nRunning stable versions are fine:\n\n₿ xz --version\nxz (XZ Utils) 5.4.1\nliblzma 5.4.1",
"sig": "51ae4afc68baa33e9b3126993913ed565e8a5c4253f9dd6fa4e1be4335df769f3ecd512129aab3c19b716e9d206e61e328d19a1b6b53618fb46e6748f5eaf120"
}