[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] User advisory to check for xz-utils backdoor

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] User advisory to check for xz-utils backdoor
From: boldsuck via tor-relays <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Date: Tue, 02 Apr 2024 12:43:43 +0200
Cc: lists@xxxxxxxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 02 Apr 2024 06:44:04 -0400
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=lists.torproject.org; s=2022-eugeni; t=1712054639; bh=C9EHObxtUio9IJQxfxfwtxYiE4+y3GeE34+v6OtiU7E=; h=To:Date:In-Reply-To:References:Subject:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=fMTISDa1qm9sswDfSYnLjz9p08WYmqU7y2PJ2bEhA0hFQSMVNkSOSDOx2PqAeGvBp USVPU9dXv7rnTWDC6jop2FfSBtLZ3YJxNZmK2QK7zj47vly0O8aVJwBGhMc5wAMvMn Fn/FLuf563/cCzd+lHtq2by8WUEy5IJ97fxGkY0af2Dr5WNMcoxv0631q4RWjfb0NV hXdCpaeXz1sSX/C81rOsSPwip5dUPRhxtM+X8YCU631GFlAbVV5Rn6vtc43JrMrCPu QdS6uqN0YMRc41ngBwxKxSW8WnO8N8NMC2FgXCJWzr/DiHFV4yyXjIXw4fdtL170Ps OxyN7BL+g+1Hw==
In-reply-to: <171173755406.6.15729489402611781276.297102626@simplelogin.com>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <171173755406.6.15729489402611781276.297102626@simplelogin.com>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On Freitag, 29. März 2024 19:39:05 CEST pasture_clubbed242--- via tor-relays 
wrote:

> 
> The near-universally used 'xz' compression library has been found to contain
> a backdoor in certain code branches. This backdoor has made it into some
> systems such as Debian Sid.
> 
> Details regarding this backdoor are available here.
> https://www.openwall.com/lists/oss-security/2024/03/29/4

Pretty unlikely that anyone uses testing or sid for productive servers.

-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

Attachment: signature.asc
Description: This is a digitally signed message part.

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] User advisory to check for xz-utils backdoor
  - From: pasture_clubbed242--- via tor-relays

Prev by Author: Re: [tor-relays] I need a new VPS provider
Next by Author: [tor-relays] torproject fedora bridge recipe fails the firewall part: suggest of update.
Previous by thread: [tor-relays] User advisory to check for xz-utils backdoor
Next by thread: Re: [tor-relays] R: Re: Request for Feedback on Relay Node Update Management
Index(es):
- Author
- Thread