https://security.archlinux.org/CVE-2024-3094
https://arstechnica.com/security/2024/0 ... nnections/
https://gist.github.com/thesamesam/2239 ... 78baad9e27
Malicious code in XZ supply chain and releases
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0
Re: Malicious code in XZ supply chain and releases
Now this is interesting: Someone is making the point that because affected versions of xz-utils are GPL-licensed, the malware author and the xz-utils project are both legally required to provide the full source code for the malware (which was distributed only in obfuscated binary form) - github.com/tukaani-project/.github/issues/2
EDIT Broke dead link as both that issue and the account that posted it appear to have been deleted.
Last edited by barbaz on Tue Apr 02, 2024 5:17 pm, edited 1 time in total.