Truth about xz backdoor on linux

Started by Ghost Member, May 09, 2024, 05:23:24 PM

Ghost Member

I see Windows fanboys (the Linux-hater ones) trying to use this incident to slur Linux again, saying that it's as vulnerable as Windows, like Britec09 accuses. That's BS. Here's the truth.

1. All this time it's been fake xz-utils source code, versions 5.6.0 and 5.6.1.

The Debian package maintainer mistook this for the latest source code and made a package hosted on the Debian Unstable & Testing repositories, and found out later that it contains backdoor code which can affect other Xz archives like tar.xz files, but it's not going to affect tar.bz2 or tar.gz, just tar.xz.

2. The real official version is 5.4.6:
https://sourceforge.net/projects/lzmautils/files/
And the culprit is: https://github.com/JiaT75
As the original Xz dev states: https://tukaani.org/xz-backdoor/

3. It's already been fixed on Debian and renamed as "5.6.1+really5.4.5-1", so this flaw is fixed; no more backdoor.
https://packages.debian.org/search?keywords=xz-utils

Hālian He/him

I think you're putting too much stock in Linux antis and what they have to say. Regardless, it's good to point this out for people who may not have known.

(Would like to know what the current situation is for other distros, though, for completeness' sake.)