CVE-2024-3094 on XZ - bacdoor - supply chain backdoor SOLVED on SLACKWARE

Please reproduce your error on a second machine before posting, and check the error by running without saved changes or extra modules (See FAQ No. 13, "How to report a bug"). For unstable Porteus versions (alpha, beta, rc) please use the relevant thread in our "Development" section.
Post Reply
User avatar
maia
Samurai
Samurai
Posts: 123
Joined: 08 Aug 2019, 16:56
Distribution: Porteus-5 64b Openbox
Location: Brasil

CVE-2024-3094 on XZ - bacdoor - supply chain backdoor SOLVED on SLACKWARE

Post#1 by maia » 30 Mar 2024, 13:57

I don't know if this is the best place to address this issue, but a 10.0 critical vulnerability was identified in the xz tarballs of xz package, starting with version 5.6.0. Although the version currently used in porteus is 5.25, I believe it is prudent to apply the suggested corrections.

https://nvd.nist.gov/vuln/detail/CVE-2024-3094
https://access.redhat.com/security/cve/CVE-2024-3094

:( =@
Last edited by maia on 09 Apr 2024, 20:55, edited 1 time in total.
Sorry my english is really, g##gle-tr4nsl4t0r
Top
User avatar
Ed_P
Contributor
Contributor
Posts: 8380
Joined: 06 Feb 2013, 22:12
Distribution: Cinnamon 5.01 ISO
Location: Western NY, USA

CVE-2024-3094 on XZ - bacdoor - supply chain backdoor

Post#2 by Ed_P » 30 Mar 2024, 15:58

Thank you.

CVE-2024-3094 - backdoor found in xz utils 5.6.0 and 5.6.1
Ed
Top
Post Reply

Return to “Bug Reports”