Hey all,

A backdoor targeting amd64 Linux glibc-based systems was recently
found in the xz project. A link to the oss-security mailing list
announcement post is included below. The versions of xz impacted are
5.6.0 and 5.6.1.

Neither FreeBSD nor HardenedBSD is directly affected by this issue.
However, I suspect that those running an amd64 Linux glibc jail on
FreeBSD (or HardenedBSD) have the potential to be affected.

Note that the linux.ko and linux64.ko kernel modules are tagged as
insecure/untrustworthy by default in HardenedBSD. Those wishing to
deploy a Linux environment on HardenedBSD must explicitly enable the
Linux syscall translation kernel modules (linux.ko and linux64.ko).

Please let me know if you have any questions, comments, or concerns.

Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
Tor-ified Signal:
+1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
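
The following is an added example, not part of the original message or of HardenedBSD's tooling: a POSIX sh check that walks Linux jail or compat roots and flags liblzma shared objects whose filename version is one of the impacted xz releases named above (5.6.0, 5.6.1). The function names are hypothetical, the root paths are assumptions to be replaced with your own jail layout, and it assumes the usual liblzma.so.X.Y.Z file naming.

```shell
#!/bin/sh
# Added example. Matches on the filename version only, so a hit means
# "this root ships an impacted xz release and needs a closer look".

# Return 0 if the version string is one of the impacted xz releases.
xz_version_impacted() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print "<status> <version> <path>" for every fully versioned liblzma
# shared object found under one jail/compat root.
scan_root_for_liblzma() {
    root=$1
    [ -d "$root" ] || return 0        # missing root: nothing to report
    find "$root" -xdev \( -type f -o -type l \) \
        -name 'liblzma.so.*.*.*' 2>/dev/null |
    while IFS= read -r path; do
        ver=${path##*/liblzma.so.}    # strip everything up to the version
        if xz_version_impacted "$ver"; then
            printf 'IMPACTED %s %s\n' "$ver" "$path"
        else
            printf 'ok %s %s\n' "$ver" "$path"
        fi
    done
}

# Print the number of impacted libraries across all roots given.
count_impacted() {
    total=0
    for r in "$@"; do
        c=$(scan_root_for_liblzma "$r" | awk '/^IMPACTED /{n++} END{print n+0}')
        total=$((total + c))
    done
    echo "$total"
}

# Usage (paths are assumptions): sh check-xz.sh /compat/linux /usr/jails/debian
if [ "$#" -gt 0 ]; then
    for r in "$@"; do
        scan_root_for_liblzma "$r"
    done
    echo "impacted libraries: $(count_impacted "$@")"
fi
```

Run it on the host against each Linux userland root; any IMPACTED line identifies a jail whose xz package should be moved off 5.6.0/5.6.1.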