Hi Felix, Slowroll is not affected by this backdoor. No action is necessary. Greetings, Dirk Felix Miata <mrmazda@earthlink.net> schrieb am Sa., 30. März 2024, 03:13:
Michal Suchánek composed on 2024-03-29 23:39 (UTC+0100):
On Fri, Mar 29, 2024 at 06:20:27PM +0100, Ana Guerrero Lopez wrote:
If you're using an up-to-date Tumbleweed, please make sure to update as soon as possible your system.
The latest versions of "xz" (5.6.0 and 5.6.1) contained malicious code ( refer to CVE-2024-3094 ) and the package in Tumbleweed has been reverted back to version 5.4.
After reading this mail, please update your system and ensure you're downgrading xz to the version *5.6.1.revertto5.4. *This version despite**itsname is version 5.4. Last step is reboot your system.
Hopefully we'll have soon more detailed information about this CVE.
Somewhat useful information seems to be:
https://www.openwall.com/lists/oss-security/2024/03/29/4 https://boehs.org/node/everything-i-know-about-the-xz-backdoor
Current installed Slowroll xz rpm comes from xz source package 5.4.6-1.2. Is any current Slowroll admin action required or to be avoided? -- Evolution as taught in public schools is, like religion, based on faith, not based on science.
Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!
Felix Miata