Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.social/users/nixCraft/statuses/112183191570453718">nixCraft 🐧 (nixcraft@mastodon.social)'s status on Saturday, 30-Mar-2024 15:21:27 JST</a><a href="https://mastodon.social/@nixCraft" title="nixcraft@mastodon.social"><img src="https://gnusocial.jp/avatar/25612-48-20221113110007.webp" width="48" height="48" alt="nixCraft 🐧" style="position: absolute; left: 0; top: 0;">nixCraft 🐧</a></section><article><p>Regarding xz-utils backdoor  (liblzma5): Right now no Debian stable versions are known to be affected.<br>Compromised packages were part of the Debian testing, unstable and experimental distributions, with versions ranging from 5.5.1alpha-0.1 (uploaded on 2024-02-01), up to and including 5.6.1-1. The package has been reverted to use the upstream 5.4.5 code, which we have versioned 5.6.1+really5.4.5-1. Debian <a href="https://mastodon.social/tags/Linux" rel="tag">#Linux</a> 12/11/10 appears  safe. Taken from <a href="https://lists.debian.org/debian-security-announce/2024/msg00057.html" rel="nofollow noreferrer">https://lists.debian.org/debian-security-announce/2024/msg00057.html</a> <a href="https://mastodon.social/tags/infosec" rel="tag">#infosec</a> <a href="https://mastodon.social/tags/security" rel="tag">#security</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2880918#notice-5724230">In conversation</a><time datetime="2024-03-30T15:21:27+09:00" title="Saturday, 30-Mar-2024 15:21:27 JST">about 8 months ago</time> <span>from <span><a href="https://mastodon.social/@nixCraft/112183191570453718" rel="external" title="Sent from mastodon.social via ActivityPub">mastodon.social</a></span></span><a href="https://mastodon.social/@nixCraft/112183191570453718">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/2438157">Untitled attachment</a></label><br><a href="https://files.mastodon.social/media_attachments/files/112/183/188/520/326/759/original/2f0a2c569b32b5b8.png" rel="external">https://files.mastodon.social/media_attachments/files/112/183/188/520/326/759/original/2f0a2c569b32b5b8.png</a></li><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="https://lists.debian.org/debian-security-announce/2024/msg00057.html">[SECURITY] [DSA 5649-1] xz-utils security update</a></h5><div></div></header><div></div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
nixCraft 🐧 (nixcraft@mastodon.social)'s status on Saturday, 30-Mar-2024 15:21:27 JST nixCraft 🐧
Regarding xz-utils backdoor (liblzma5): Right now no Debian stable versions are known to be affected.
Compromised packages were part of the Debian testing, unstable and experimental distributions, with versions ranging from 5.5.1alpha-0.1 (uploaded on 2024-02-01), up to and including 5.6.1-1. The package has been reverted to use the upstream 5.4.5 code, which we have versioned 5.6.1+really5.4.5-1. Debian #Linux 12/11/10 appears safe. Taken from https://lists.debian.org/debian-security-announce/2024/msg00057.html #infosec #security
In conversationabout 8 months ago from mastodon.socialpermalink
Attachments
1. Untitled attachment
  https://files.mastodon.social/media_attachments/files/112/183/188/520/326/759/original/2f0a2c569b32b5b8.png
2. No result found on File_thumbnail lookup.
  [SECURITY] [DSA 5649-1] xz-utils security update

Public

Embed Notice

HTML Code

Corresponding Notice