Deutsch English Français Italiano |
<yd7chghjtb.fsf@UBEblock.psr.com> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!news.mixmin.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: Winston <wbe@UBEBLOCK.psr.com.invalid> Newsgroups: comp.unix.bsd.freebsd.misc Subject: xz backdoor Date: Mon, 01 Apr 2024 17:09:04 -0400 Organization: A noiseless patient Spider Lines: 12 Message-ID: <yd7chghjtb.fsf@UBEblock.psr.com> MIME-Version: 1.0 Content-Type: text/plain Injection-Date: Mon, 01 Apr 2024 21:08:56 +0200 (CEST) Injection-Info: dont-email.me; posting-host="b12768fbfcd9883ef2f8b4e64d81a850"; logging-data="2859718"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/HTNKHzy6/pxpkXwzwCX1s" User-Agent: Gnus/5.13 (Gnus v5.13) Cancel-Lock: sha1:7q5Zj3Za+o5ngkN2TDPKDkp4CMs= sha1:gby0dOJw/iuivtk0MF+HidU3Gok= Mail-Copies-To: never Bytes: 1430 Saw a YouTube video about a backdoor that had been snuck into xz that affects openssh and sshd. The vulnerability was rated 10.0 of 10.0 and the Linux distros were racing to fix it. If I remember the video correcty, the malware only got in as of 5.6.*, and older versions are not at risk. "xz --version" says 5.4.4, so it looks like FreeBSD is safe, but maybe a newer version of FreeBSD (13.3 or the upcoming 14.1) might need to avoid it? Just passing on the word. This was the video: https://www.youtube.com/watch?v=OHAyf0qwdCs -WBE