* Backdoor in xz 5.6 (CVE-2024-3094)
@ 2024-03-29 18:43 Nguyễn Gia Phong
From: Nguyễn Gia Phong @ 2024-03-29 18:43 UTC (permalink / raw)
To: ~cnx/loang, chung
Hello, friends,
There has been a report of a backdoor in upstream xz 5.6.0 and 5.6.1:
https://www.openwall.com/lists/oss-security/2024/03/29/4
I have carried out rolling back to the nixpkgs channel
before the package xz was upgraded to version 5.6
as the best-effort mitigation for loang.net.
If the system was compromised and the attacker(s) covered their tracks
well enough, there would not be any sign. Either way,
I am NOT a security expert to detect such unauthorized access
and planted malware.
Please also be advised to stop any system with the affected library,
including your personal computer.
~cnx
Code repositories for project(s) associated with this public inbox
https://trong.loang.net/nixos-conf
https://trong.loang.net/phylactery
https://trong.loang.net/site