The officially official Devuan Forum!

You are not logged in.

#1 2024-03-30 13:25:55

Ron
Member
Registered: 2018-04-22
Posts: 529  

Malware found in xz

So a developer of XZ for Debian has put malware in it. From what I understand it only affects those who are using testing or the unstable branch. Look to see if you are using versions 5.5.1alpha-0.1 (uploaded on 2024-02-01), up to and including 5.6.1-1. I'm on version 5.4.1, so I'm good.

Links about this:

https://lists.debian.org/debian-securit … 00057.html
https://www.openwall.com/lists/oss-secu … 24/03/29/4

Offline

#2 2024-03-30 19:23:43

Ron
Member
Registered: 2018-04-22
Posts: 529  

Re: Malware found in xz

From the link below:

Specifically, the nefarious code baked into the code is designed to interfere with the sshd daemon process for SSH (Secure Shell) via the systemd software suite,

So does this mean that Devuan and others based on Devuan would be immune from this malware, even if it is installed?

Forgot to put the link. Here it is: https://thehackernews.com/2024/03/urgen … in-xz.html

Last edited by Ron (2024-03-30 19:24:24)

Offline

#3 2024-04-28 22:22:35

greenjeans
Member
Registered: 2017-04-07
Posts: 636  
Website

Re: Malware found in xz

Thanks for that, checked mine and it's 5.4.1 as well.


https://sourceforge.net/projects/vuu-do/ New 1.09 isos uploaded 11/27/2024
Vuu-do GNU/Linux, minimal Devuan-based openbox systems to build on, maximal versions if you prefer your linux fully-loaded.
New Devuan-mate-mini isos too!
Please donate to support Devuan and init freedom! https://devuan.org/os/donate

Offline

Board footer