:: Re: [DNG] [SECURITY] [DSA 5649-1] x…
Pàgina inicial
Aquest missatge és part del següent fil:
Ml'arbre de fils complet ordenat per data
Mdng@d404.nl en <-
M++\Martin Steigerwald en ->
Delete this message
Reply to this message
Autor: aitor
Data:  
A: dng
Assumpte: Re: [DNG] [SECURITY] [DSA 5649-1] xz-utils security update
Hi,

On 29/3/24 23:02,dng@??? wrote:

> For those running testing or unstable your are urged to update the
> xz-utils package:
> https://lists.debian.org/debian-security-announce/2024/msg00057.html
> Grtz.
> Nick

As explained in this thread:

https://www.openwall.com/lists/oss-security/2024/03/29/4

the backdoor is in upstream xz-utils/liblzma and leads to ssh server compromise.

"Openssh does not directly use xz-utils/liblzma. However debian and several other distributions
patch openssh to support systemd notification, and libsystemd does depend o xz-utils/liblzma"

Cheers,

Aitor.

Aquest missatge es va enviar a les següents llistes de correu:
dng
Informació sobre la llista de correu | Missatges propers		<-[DNG] [SECURITY] [DSA 5649-1] xz-utils security updateRe: [DNG] [SECURITY] [DSA 5649-1] xz-utils security update->

Donate to Dyne.org

dyne.org open discussions
administrat per dyne.org hackers		Lurker (versió 2.3)