On 4/4/24 00:49, FreeBSD User wrote:
Hello,

I just stumbled over this CVE regarding xz 5.6.0 and 5.6.1:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3094

FreeBSD starting with 14-STABLE seems to use xz 5.6.0, but my limited skills do not allow me to judge whether the described exploit mechanism also works on FreeBSD.
RedHat already sent out a warning, the workaround is to move back towards an older variant.

I have to report to my superiors (we're using 14-STABLE and CURRENT and I do so in private), so I would like to welcome any comment on that.

Thanks in advance,

O. Hartmann



See so@'s answer from a couple days ago:

https://lists.freebsd.org/archives/freebsd-security/2024-March/000248.html

TL;DR no

Thanks,

Kyle Evans
