From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from tem.loang.net (localhost [IPv6:::1]) by brno.localdomain (Postfix) with ESMTP id 4F1D017622B for ; Fri, 29 Mar 2024 18:43:58 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=juBu8K/mpul0nxXaNdktuzK6TxrSSWvNVfJCoNuJ9NE=; c=relaxed/relaxed; d=loang.net; h=Subject:Subject:Sender:To:To:Cc:From:From:Date:Date:MIME-Version:MIME-Version:Content-Type:Content-Type:Content-Transfer-Encoding:Content-Transfer-Encoding:Reply-To:In-Reply-To:Message-Id:Message-Id:References:Autocrypt:Openpgp; i=@loang.net; s=default; t=1711737838; v=1; x=1712169838; b=bWhvxWAA1o/4ropcbwQM2JkatAxBCa37rCHseej0wTk8lsmKraapBoqK3O1M0nXR1c2jW4aV 5OC5SQie36wRCaCnQ88bF18vH3N8b27soPPYaXc2vUg+NJR8Jo1kuXICYPazsXwUB+zquwA7NVV qABszN0bNDi6lb488RT572nIIW0vxhBTEMh9ysWj/3u3JQ58+OULA2t0HZEv5H4KKFRQANcz37v d63Nmcdqyj4BfnBuatDWV7WXbr+IPFUSS9oKcCdNXdGUzm5WNUQSsWqc0p4GU5GIqzrKEWn5Q20 Pc/S3sW7sppiW40QawYQeRKItw4cR0TTJd37emXXkjAJw== Received: by tem.loang.net (envelope-sender ) with ESMTPS id 3534ad35; Fri, 29 Mar 2024 18:43:58 +0000 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 Date: Sat, 30 Mar 2024 03:43:56 +0900 Message-Id: Subject: Backdoor in xz 5.6 (CVE-2024-3094) To: <~cnx/loang@lists.sr.ht>, From: =?utf-8?q?Nguy=E1=BB=85n_Gia_Phong?= Mime-Version: 1.0 X-Mailer: aerc 0.17.0 List-Id: Hello, friends, There has been report of backdoor in upstream xz 5.6.0 and 5.6.1: https://www.openwall.com/lists/oss-security/2024/03/29/4 I have carried out rolling back to the nixpkgs channel before the package xz was upgraded to version 5.6 as the best-effort mitigation for loang.net. If the system was compromized and the attacker(s) covered their track well enough, their would not be any sign. Either way, I am NOT a security expert to detect such unauthorized access and planted malwares. Please also be advised to stop any system with the affected library, including your personal computer. ~cnx