Forum: Too Lazy BBS

Tumbleweed security hole

From R Daneel Olivaw@Danny@hyperspace.vogon.gov to alt.os.linux.suse on Sat Mar 30 10:59:40 2024

From Newsgroup: alt.os.linux.suse

According to https://news.opensuse.org/2024/03/29/xz-backdoor/ a
backdoor was present in the xz project from 7 March to 28 March. The
rogue xz introduced a backdoor into the SSH daemon, exploitable if SSH
"is exposed to the internet".

"openSUSE MicroOS" is also affected.

"SUSE Linux Enterprise" is not affected.
openSUSE Leap is not affected either.

I'm running the current version of Leap, my xz level is 5.2.3.
The bad versions are xz-5.6.0 and xz-5.6.1

https://it.slashdot.org/story/24/03/29/2158259/red-hat-issues-urgent-alert-for-fedora-linux-users-due-to-malicious-code
has more on the background.
--- Synchronet 3.21d-Linux NewsLink 1.2