17 sats \ 0 replies \ @fiksn 29 Mar
https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27
reply
17 sats \ 0 replies \ @Bell_curve 29 Mar
https://www.nobsbitcoin.com/backdoor-in-xz-tools-used-by-most-linux-distros/
reply
17 sats \ 0 replies \ @fiksn 29 Mar
Have to admit hidding the backdoor in obfuscated compressed test data was a genius move
reply
17 sats \ 1 reply \ @kepford 29 Mar
More info: https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
reply
17 sats \ 0 replies \ @kepford 29 Mar
Most important parts
reply
17 sats \ 0 replies \ @quark 30 Mar freebie
OpenSuse is even recommending reinstalling everything instead of just updating xz.
https://news.opensuse.org/2024/03/29/xz-backdoor/
reply
33 sats \ 1 reply \ @Scoresby OP 29 Mar
More info:
reply
100 sats \ 0 replies \ @Scoresby OP 29 Mar
If you're running Ubuntu, seems like you may not be affected:
reply
0 sats \ 0 replies \ @fiksn 29 Mar
Just a few days ago I've installed xz from nixpkgs-unstable on a machine (luckily not my node). How screwed am I? It came from binary cache tho, so configure was never invoked, well at least not on my machine
reply