novaBBS - alt.os.linux.suse - Tumbleweed security hole

Tumbleweed security hole

<uu8nqc$ht05$1@paganini.bofh.team>

https://www.novabbs.com/computers/article-flat.php?id=1097&group=alt.os.linux.suse#1097

copy link Newsgroups: alt.os.linux.suse

Path: i2pn2.org!i2pn.org!newsfeed.bofh.team!paganini.bofh.team!not-for-mail
From: Dan...@hyperspace.vogon.gov (R Daneel Olivaw)
Newsgroups: alt.os.linux.suse
Subject: Tumbleweed security hole
Date: Sat, 30 Mar 2024 10:59:40 +0100
Organization: To protect and to server
Message-ID: <uu8nqc$ht05$1@paganini.bofh.team>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sat, 30 Mar 2024 09:59:40 -0000 (UTC)
Injection-Info: paganini.bofh.team; logging-data="586757"; posting-host="XBJBjenliTep7OIZ0g9xdw.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team"; posting-account="9dIQLXBM7WM9KzA+yjdR4A";
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
SeaMonkey/2.53.18.1
X-Mozilla-News-Host: news://news.eternal-september.org:119
X-Notice: Filtered by postfilter v. 0.9.3

by: R Daneel Olivaw - Sat, 30 Mar 2024 09:59 UTC

According to https://news.opensuse.org/2024/03/29/xz-backdoor/ a
backdoor was present in the xz project from 7 March to 28 March. The
rogue xz introduced a backdoor into the SSH daemon, exploitable if SSH
"is exposed to the internet".

"openSUSE MicroOS" is also affected.

"SUSE Linux Enterprise" is not affected.
openSUSE Leap is not affected either.

I'm running the current version of Leap, my xz level is 5.2.3.
The bad versions are xz-5.6.0 and xz-5.6.1

https://it.slashdot.org/story/24/03/29/2158259/red-hat-issues-urgent-alert-for-fedora-linux-users-due-to-malicious-code
has more on the background.

Avoid the Gates of Hell. Use Linux -- unknown source

computers / alt.os.linux.suse / Tumbleweed security hole

Subject	Author
Tumbleweed security hole	R Daneel Olivaw