:: Re: [DNG] [SECURITY] [DSA 5649-1] x…
Page principale
Ce message fait partie du fil suivant :
M-++\Arborescence complète du fil triée par date
M\MMMJeremy Phelps à <-
MMMMLorenz à ->
Supprimer ce message
Répondre à ce message
Auteur: Amin Bandali
Date:  
À: Jeremy Phelps via Dng
Sujet: Re: [DNG] [SECURITY] [DSA 5649-1] xz-utils security update
Jeremy Phelps via Dng wrote:

>> On Mar 30, 2024, at 13:05, Martin Steigerwald <martin@???> wrote:
[...]
>>
>> So I take it that Devuan is also affected.
>>
>
> I checked with ldd and confirmed that Devuan's sshd is linked with libsystemd.

Not quite. The libsystemd.so.0 shared library on Devuan is
actually provided by the libelogind-compat package, as a symlink
to libelogind.so.0 from the libelogind0 package:

$ dpkg -S libsystemd.so.0
libelogind-compat:amd64: /lib/x86_64-linux-gnu/libsystemd.so.0

$ readlink /usr/lib/x86_64-linux-gnu/libsystemd.so.0
libelogind.so.0

$ dpkg -S libelogind.so.0
libelogind0:amd64: /lib/x86_64-linux-gnu/libelogind.so.0
libelogind0:amd64: /lib/x86_64-linux-gnu/libelogind.so.0.35.0

Which, unlike libsystemd, does *not* depend on liblzma from xz-utils:

$ apt-cache depends libelogind0
libelogind0
Depends: libc6
Depends: libcap2

So Devuan is likely safe, at least with respect to that part of the
attack.
Ce message a été envoyé sur les listes de diffusion suivantes :
dng
Informations sur la liste de diffusion | Messages voisins		<-Re: [DNG] eventually: the sbin mergeRe: [DNG] eventually: the sbin merge->

Donate to Dyne.org

dyne.org open discussions
administré par dyne.org hackers		Lurker (version 2.3)