[Koha-devel] XZ Utils backdoor for Linux
Paul A
paul.a at navalmarinearchive.com
Thu Apr 4 17:57:27 CEST 2024
On 2024-04-03 19:15, David Cook via Koha-devel wrote:
> Hi all,
>
> This isn’t related to Koha per se, but I thought I’d share it for anyone
> who hasn’t seen it: https://en.wikipedia.org/wiki/XZ_Utils_backdoor
> <https://en.wikipedia.org/wiki/XZ_Utils_backdoor>
>
> All the more reason to have things like Kohacon so that we actually know
> each other…
Thanks David. For those using Debian: "Right now no Debian stable
versions are known to be affected. Compromised packages were part of the
Debian testing, unstable and experimental distributions"
<https://lists.debian.org/debian-security-announce/2024/msg00057.html>
and Ubuntu: "The affected version of xz-utils was only in
noble-proposed, and was removed before migrating to noble itself. No
released versions of Ubuntu were affected by this issue."
<https://ubuntu.com/security/CVE-2024-3094>
Now back to my trusty old Koha 3.8.24, current server up-time 1,410 days ;=}
Paul
>
> David Cook
>
> Senior Software Engineer
>
> Prosentient Systems
>
> Suite 7.03
>
> 6a Glen St
>
> Milsons Point NSW 2061
>
> Australia
>
> Office: 02 9212 0899
>
> Online: 02 8005 0595
>
>
> _______________________________________________
> Koha-devel mailing list
> Koha-devel at lists.koha-community.org
> https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
> website : https://www.koha-community.org/
> git : https://git.koha-community.org/
> bugs : https://bugs.koha-community.org/
More information about the Koha-devel
mailing list