Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://chaos.social/users/Gottox/statuses/112198498453503872">Enno T. Boland (gottox@chaos.social)'s status on Tuesday, 02-Apr-2024 09:18:05 JST</a><a href="https://chaos.social/@Gottox" title="gottox@chaos.social"><img src="https://gnusocial.jp/avatar/132251-48-20241107112052.webp" width="48" height="48" alt="Enno T. Boland" style="position: absolute; left: 0; top: 0;">Enno T. Boland</a></section><article><p>A thing I wasn't aware of: systemd switched to dlopen'ing compression libraries on demand, rendering the <a href="https://chaos.social/tags/xz" rel="tag">#xz</a> attack useless with one of their next releases. That's why apparently the attackers tried to push distributions to include the new xz version on their stable releases before the mitigation in systemd was included.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2890139#notice-5743437">In conversation</a><time datetime="2024-04-02T09:18:05+09:00" title="Tuesday, 02-Apr-2024 09:18:05 JST">about 8 months ago</time> <span>from <span><a href="https://chaos.social/@Gottox/112198498453503872" rel="external" title="Sent from chaos.social via ActivityPub">chaos.social</a></span></span><a href="https://chaos.social/@Gottox/112198498453503872">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Enno T. Boland (gottox@chaos.social)'s status on Tuesday, 02-Apr-2024 09:18:05 JST Enno T. Boland
A thing I wasn't aware of: systemd switched to dlopen'ing compression libraries on demand, rendering the #xz attack useless with one of their next releases. That's why apparently the attackers tried to push distributions to include the new xz version on their stable releases before the mitigation in systemd was included.
In conversationabout 8 months ago from chaos.socialpermalink

Public

Embed Notice

HTML Code

Corresponding Notice