On Sat, Mar 30, 2024 at 1:26 PM Richard Purdie
wrote:
>
> On Sat, 2024-03-30 at 13:08 +0100, Marta Rybczynska wrote:
> > Absolutely confirm. DO NOT UPDATE
> >
> > Marta
> >
> > On Sat, 30 Mar 2024, 02:04 Mark Hatle,
> > wrote:
> > > I know this request is a week or so old..
> > >
> > > But do
On Mon, Apr 1, 2024 at 9:02 PM Denys Dmytriyenko wrote:
>
> On Mon, Apr 01, 2024 at 11:42:51AM +0200, Fathi Boudra wrote:
> > On Sat, 30 Mar 2024 at 17:18, Richard Purdie
> > wrote:
> > >
> > > On Sat, 2024-03-30 at 14:06 +0100, Martin Jansa wrote:
> > > > From what is publicly known it injected
On Mon, Apr 01, 2024 at 11:42:51AM +0200, Fathi Boudra wrote:
> On Sat, 30 Mar 2024 at 17:18, Richard Purdie
> wrote:
> >
> > On Sat, 2024-03-30 at 14:06 +0100, Martin Jansa wrote:
> > > From what is publicly known it injected malicious code (through m4
> > > macro using payload hidden in
On Sat, 30 Mar 2024 at 17:18, Richard Purdie
wrote:
>
> On Sat, 2024-03-30 at 14:06 +0100, Martin Jansa wrote:
> > From what is publicly known it injected malicious code (through m4
> > macro using payload hidden in obfuscated compressed test file) into
> > built liblzma.so.5 which then hijacks
On Sat, 2024-03-30 at 14:06 +0100, Martin Jansa wrote:
> From what is publicly known it injected malicious code (through m4
> macro using payload hidden in obfuscated compressed test file) into
> built liblzma.so.5 which then hijacks RSA_public_decrypt call e.g. in
> sshd (when sshd is built with
From what is publicly known it injected malicious code (through m4
macro using payload hidden in obfuscated compressed test file) into
built liblzma.so.5 which then hijacks RSA_public_decrypt call e.g. in
sshd (when sshd is built with patch adding systemd notifications which
brings liblzma
I’m slightly worried. Does this compromise build systems (given that the back
door was injected into autoconf scripts) or only systems where xz binaries
are installed?
Ale
On Sat 30. Mar 2024 at 13.26, Richard Purdie <
richard.pur...@linuxfoundation.org> wrote:
> On Sat, 2024-03-30 at 13:08 +0100,
On Sat, 2024-03-30 at 13:08 +0100, Marta Rybczynska wrote:
> Absolutely confirm. DO NOT UPDATE
>
> Marta
>
> On Sat, 30 Mar 2024, 02:04 Mark Hatle,
> wrote:
> > I know this request is a week or so old..
> >
> > But do NOT upgrade to 'xz' 5.6.0 or 5.6.1. It has been
> > compromised:
> >
> >
Absolutely confirm. DO NOT UPDATE
Marta
On Sat, 30 Mar 2024, 02:04 Mark Hatle,
wrote:
> I know this request is a week or so old..
>
> But do NOT upgrade to 'xz' 5.6.0 or 5.6.1. It has been compromised:
>
> https://www.openwall.com/lists/oss-security/2024/03/29/4
>
> --Mark
>
> On 3/14/24 8:40
I know this request is a week or so old..
But do NOT upgrade to 'xz' 5.6.0 or 5.6.1. It has been compromised:
https://www.openwall.com/lists/oss-security/2024/03/29/4
--Mark
On 3/14/24 8:40 AM, Richard Purdie wrote:
On Wed, 2024-03-13 at 15:08 +0800, wangmy via lists.openembedded.org
wrote: