Security warning about xz library compromise
Mark Wielaard
mark@klomp.org
Fri Mar 29 20:39:09 GMT 2024
Sourceware hosts are not affected by the latest xz backdoor.
But we have reset the https://builder.sourceware.org containers of
debian-testing, fedora-rawhide and opensuse-tumbleweed. These
containers however didn't have ssh installed, were running on isolated
VMs on separate machines from our main hosts, snapshots and backup
servers.
If you are running one of these distros on your development machines
then please consult your distro security announcements:
https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
https://lists.debian.org/debian-security-announce/2024/msg00057.html
https://archlinux.org/news/the-xz-package-has-been-backdoored/
https://news.opensuse.org/2024/03/29/xz-backdoor/
More information about the Libc-alpha
mailing list