Article <op.2lihbgr3a3w0dxdave@hodgins.homeip.net>

Warning: mysqli::__construct(): (HY000/1203): User howardkn already has more than 'max_user_connections' active connections in D:\Inetpub\vhosts\howardknight.net\al.howardknight.net\includes\artfuncs.php on line 21
Failed to connect to MySQL: (1203) User howardkn already has more than 'max_user_connections' active connections
Warning: mysqli::query(): Couldn't fetch mysqli in D:\Inetpub\vhosts\howardknight.net\al.howardknight.net\index.php on line 66
Article <op.2lihbgr3a3w0dxdave@hodgins.homeip.net>

Deutsch English Français Italiano

<op.2lihbgr3a3w0dxdave@hodgins.homeip.net>

View for Bookmarking (what is this?)
Look up another Usenet article

Path: ...!news.nobody.at!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: "David W. Hodgins" <dwhodgins@nomail.afraid.org>
Newsgroups: comp.os.linux.misc
Subject: Re: Malware find in the news: xz related.
Date: Sun, 31 Mar 2024 14:51:06 -0400
Organization: A noiseless patient Spider
Lines: 31
Message-ID: <op.2lihbgr3a3w0dxdave@hodgins.homeip.net>
References: <uu7r9s$kh5b$2@dont-email.me> <uubp1i$1qg47$1@dont-email.me>
 <uuc1l6$lfl$1@tncsrv09.home.tnetconsulting.net>
 <op.2lh91erma3w0dxdave@hodgins.homeip.net> <uuc72o$1ts1m$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 31 Mar 2024 18:56:56 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="d2cdf57838d94b96c1341b5af9238951";
	logging-data="2063583"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX1//oC+Tn/cxYv3iw0+r0lLKGNDnlQrgVnQ="
User-Agent: Opera Mail/12.16 (Linux)
Cancel-Lock: sha1:khthZrr7tbguWiYuET3B8S0DVIE=
Bytes: 2514

On Sun, 31 Mar 2024 13:38:32 -0400, Rich <rich@example.invalid> wrote:

> David W. Hodgins <dwhodgins@nomail.afraid.org> wrote:
>> On Sun, 31 Mar 2024 12:05:58 -0400, Grant Taylor <gtaylor@tnetconsulting.net> wrote:
>>
>>> On 3/31/24 08:38, John McCue wrote:
>>>> Thanks, here is another interesting link that describes how the issue
>>>> occurred and indicates why *BSD and Distros like Slackware would not
>>>> be vulnerable.
>>>
>>> My understanding is that effectively the differentiating factor of if a
>>> distro is impacted or not is if it uses systemd or not.
>>
>> sshd supports compression. xz is an option for how things are compressed.
>
> ssh supports zlib compression.  It (ssh) does not offer lzma/xz as a
> compression option.
>
> xz got pulled into ssh on systemd systems because systemd supports
> using xz/lzma for journald compression, and it is therefore a
> dependency of libsystemd.  Some distros patch sshd to link to
> libsystemd so that their sshd can "notify" systemd that it is up via a
> call to a libsystemd function.

Perhaps ssh is only impacted on systemd systems, but anything processing
untrusted xz compressed files, such as clamav is still vulnerable, so the
statement that only systems using systemd are vulnerable is not correct.

Any system using xz 5.6.0 or 5.6.1 is vulnerable.

Regards, Dave Hodgins