[SID - Unstable] backdoor in upstream xz affecting openssh
-
- Debian Developer
- Posts: 463
- Joined: 2022-07-12 14:10
- Has thanked: 1 time
- Been thanked: 88 times
[SID - Unstable] backdoor in upstream xz affecting openssh
There seems to be a backdoor in the upstream xz release that affects openssh in unstable: https://www.openwall.com/lists/oss-secu ... 24/03/29/4
- fabien
- Forum Helper
- Posts: 737
- Joined: 2019-12-03 12:51
- Location: Anarres (Toulouse, France actually)
- Has thanked: 67 times
- Been thanked: 173 times
Re: [SID - Unstable] backdoor in upstream xz affecting openssh
Thank you @lindi
The version in testing and unstable has been updated in the main repository

xz-utils (5.6.1+really5.4.5-1) unstable; urgency=critical
* Non-maintainer upload by the Security Team.
* Revert back to the 5.4.5-0.2 version
-- Salvatore Bonaccorso <carnil@debian.org> Thu, 28 Mar 2024 15:59:38 +0100

Therefore, updating to 5.6.1+really5.4.5-1 is safe and recommended.
Share your Debian SCRIPTS
There will be neither barrier nor walls, neither official nor guard, there will be no more desert and the entire world will become a garden. — Anacharsis Cloots
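An added example, not part of any post in this thread: a version string like 5.6.1+really5.4.5-1 sorts above 5.6.1 but ships the 5.4.5 code, so a check that only looks at the leading number misreads it. The sketch below classifies a Debian version string accordingly; it assumes upstream 5.6.0 and 5.6.1 are the releases covered by CVE-2024-3094, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify Debian xz-utils / liblzma5 version strings.
# Assumption: upstream 5.6.0 and 5.6.1 are the releases covered by CVE-2024-3094.

# classify_xz_version VERSION -> prints: affected | reverted | not-affected
classify_xz_version() {
    v=$1
    v=${v#*:}    # drop an epoch such as "1:" if present
    case $v in
        *+really*)
            # "+really" convention: the prefix only forces an upgrade path,
            # the code actually shipped is the version after the marker.
            real=${v#*+really}
            case $real in
                5.6.0|5.6.0[-+~]*|5.6.1|5.6.1[-+~]*) echo affected ;;
                *) echo reverted ;;
            esac ;;
        5.6.0|5.6.0[-+~]*|5.6.1|5.6.1[-+~]*) echo affected ;;
        *) echo not-affected ;;
    esac
}

# report_installed: classify whatever dpkg reports for the two packages.
# One output line per installed package (and per architecture on multiarch).
report_installed() {
    dpkg-query -W -f='${Package} ${Version}\n' xz-utils liblzma5 2>/dev/null |
    while read -r pkg ver; do
        [ -n "$ver" ] || continue
        printf '%s %s %s\n' "$pkg" "$ver" "$(classify_xz_version "$ver")"
    done
}

# Only query dpkg where it exists, so the script is harmless elsewhere.
if command -v dpkg-query >/dev/null 2>&1; then
    report_installed
fi
```

The result describes only the package version currently installed, not what ran on the machine while an earlier version was in place.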
-
- Debian Developer
- Posts: 463
- Joined: 2022-07-12 14:10
- Has thanked: 1 time
- Been thanked: 88 times
Re: [SID - Unstable] backdoor in upstream xz affecting openssh
Updating is safe but we don't know what the obfuscated backdoor code did. It might persist even after you upgrade the package itself.
-
- Posts: 27
- Joined: 2023-01-14 20:58
- Has thanked: 6 times
- Been thanked: 2 times
Re: [SID - Unstable] backdoor in upstream xz affecting openssh
Is there any news on the current situation?
12.6 frozen?
- sunrat
- Administrator
- Posts: 6593
- Joined: 2006-08-29 09:12
- Location: Melbourne, Australia
- Has thanked: 119 times
- Been thanked: 502 times
Re: [SID - Unstable] backdoor in upstream xz affecting openssh
It never affected Stable, only Testing and Unstable.
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ” Remember to BACKUP!
-
- Posts: 27
- Joined: 2023-01-14 20:58
- Has thanked: 6 times
- Been thanked: 2 times
Re: [SID - Unstable] backdoor in upstream xz affecting openssh
I'm aware of this.
https://linuxiac.com/debian-decided-to- ... 6-release/
12.6 Postponed for security reasons. But no news here.
- fabien
- Forum Helper
- Posts: 737
- Joined: 2019-12-03 12:51
- Location: Anarres (Toulouse, France actually)
- Has thanked: 67 times
- Been thanked: 173 times
Re: [SID - Unstable] backdoor in upstream xz affecting openssh
Monitor the Debian News subforum: 2024-03-31

Although no Debian stable versions are known to be affected by CVE-2024-3094 the next point release for 12.6 has been postponed while we investigate the effects of this CVE on the Archive.

It is hard work that demands and deserves serenity.