1. Forum
  2. FidoNet
  3. ALT.OS.LINUX.MAGEIA

  • xz-backdoor

    From David W. Hodgins@2:250/1 to All on Sat Mar 30 16:25:33 2024
    https://tukaani.org/xz-backdoor/

    The xz version with the backdoor never made it into Mageia. Even cauldron still has version 5.4.6.

    The backdoor was inserted into the 5.6.0 and 5.6.1 releases.

    Regards, Dave Hodgins

    --- MBSE BBS v1.0.8.6 (Linux-x86_64)
    * Origin: A noiseless patient Spider (2:250/1@fidonet)
  • From Daniel65@2:250/1 to All on Sun Mar 31 11:26:07 2024
    David W. Hodgins wrote on 31/3/24 3:25 am:
    https://tukaani.org/xz-backdoor/

    The xz version with the backdoor never made it into Mageia. Even
    cauldron still has version 5.4.6.

    The backdoor was inserted into the 5.6.0 and 5.6.1 releases.

    Regards, Dave Hodgins

    Hmmm! How fortunate for you to post this, David.

    I was just reading some of the posts on my Win7 NG and someone there had posted that Linux was now susceptible to Virus' so I was going to ask,
    here, if this WAS the case or was this just an example of Windows users griping!!

    Sure, Virii and 'back-doors' are not the same thing .... but still we
    have to be careful, it seems.
    --
    Daniel

    --- MBSE BBS v1.0.8.6 (Linux-x86_64)
    * Origin: A noiseless patient Spider (2:250/1@fidonet)
  • From David W. Hodgins@2:250/1 to All on Sun Mar 31 16:00:56 2024
    On Sun, 31 Mar 2024 06:26:07 -0400, Daniel65 <[email protected]> wrote:

    David W. Hodgins wrote on 31/3/24 3:25 am:
    https://tukaani.org/xz-backdoor/

    The xz version with the backdoor never made it into Mageia. Even
    cauldron still has version 5.4.6.

    The backdoor was inserted into the 5.6.0 and 5.6.1 releases.

    Regards, Dave Hodgins

    Hmmm! How fortunate for you to post this, David.

    I was just reading some of the posts on my Win7 NG and someone there had posted that Linux was now susceptible to Virus' so I was going to ask,
    here, if this WAS the case or was this just an example of Windows users griping!!

    Sure, Virii and 'back-doors' are not the same thing .... but still we
    have to be careful, it seems.

    Found an excellent write up explaining how it was done. A chain of minor changes
    none of which look malicious by themselves, but when looked at in combination, it becomes obvious.

    https://gynvael.coldwind.pl/?lang=en&id=782

    Regards, Dave Hodgins

    --- MBSE BBS v1.0.8.6 (Linux-x86_64)
    * Origin: A noiseless patient Spider (2:250/1@fidonet)
  • From William Unruh@2:250/1 to All on Mon Apr 1 06:19:14 2024
    On 2024-03-31, Daniel65 <[email protected]> wrote:
    David W. Hodgins wrote on 31/3/24 3:25 am:
    https://tukaani.org/xz-backdoor/

    The xz version with the backdoor never made it into Mageia. Even
    cauldron still has version 5.4.6.

    The backdoor was inserted into the 5.6.0 and 5.6.1 releases.

    Regards, Dave Hodgins

    Hmmm! How fortunate for you to post this, David.

    I was just reading some of the posts on my Win7 NG and someone there had posted that Linux was now susceptible to Virus' so I was going to ask,
    here, if this WAS the case or was this just an example of Windows users griping!!

    Sure, Virii and 'back-doors' are not the same thing .... but still we
    have to be careful, it seems.

    Yes, they are definitely different. One i putting a deliberate bug into
    the OS by infiltrating the OS team, the other is taking advantage of
    bugs that got put in unintentionally. Linux has always been susceptible
    to the former, Windows to the latter. But you also notice that this bug
    was discovered and (hopefully) defanged by the "many eyes" phenomena--
    you open the code to may eyes and one of them, by accident or design,
    will notice the problem early.
    And it is, we have to be observant, and willing to investigate when
    something looks fishy.Being carefull is useless in this case. There is
    nothing that a user could have done to make themselves safe from this
    bug.

    --- MBSE BBS v1.0.8.6 (Linux-x86_64)
    * Origin: A noiseless patient Spider (2:250/1@fidonet)
  • From Daniel65@2:250/1 to All on Mon Apr 1 09:45:22 2024
    David W. Hodgins wrote on 1/4/24 2:00 am:
    On Sun, 31 Mar 2024 06:26:07 -0400, Daniel65
    <[email protected]> wrote:
    David W. Hodgins wrote on 31/3/24 3:25 am:
    https://tukaani.org/xz-backdoor/

    The xz version with the backdoor never made it into Mageia. Even
    cauldron still has version 5.4.6.

    The backdoor was inserted into the 5.6.0 and 5.6.1 releases.

    Regards, Dave Hodgins

    Hmmm! How fortunate for you to post this, David.

    I was just reading some of the posts on my Win7 NG and someone
    there had posted that Linux was now susceptible to Virus' so I was
    going to ask, here, if this WAS the case or was this just an
    example of Windows users griping!!

    Sure, Virii and 'back-doors' are not the same thing .... but still
    we have to be careful, it seems.

    Found an excellent write up explaining how it was done. A chain of
    minor changes none of which look malicious by themselves, but when
    looked at in combination, it becomes obvious.

    https://gynvael.coldwind.pl/?lang=en&id=782

    Regards, Dave Hodgins

    Thank you.
    --
    Daniel

    --- MBSE BBS v1.0.8.6 (Linux-x86_64)
    * Origin: A noiseless patient Spider (2:250/1@fidonet)