xz/liblzma has been compromised

Dima Pasechnik

Mar 29, 2024, 3:18:20 PM
to sage-devel, sage-support, sage-release
https://www.openwall.com/lists/oss-security/2024/03/29/4

If you have xz 5.6.0 or 5.6.1 installed (e.g. Debian testing/unstable)
you have a backdoored xz.

Dima Pasechnik

Mar 29, 2024, 3:36:27 PM
to sage-devel, sage-support, sage-release, Isuru Fernando
and Conda: https://anaconda.org/anaconda/xz shows version 5.6.1

Dima Pasechnik

Mar 29, 2024, 3:45:27 PM
to sage-devel, sage-support, sage-release, Isuru Fernando
and Homebrew.
Please upgrade your Homebrew. It should do a downgrade:

`brew upgrade` now "upgrades" xz from 5.6.1 -> 5.4.6

Kwankyu Lee

Mar 30, 2024, 7:56:53 AM
to sage-release
Thanks!

Emmanuel Charpentier

Apr 1, 2024, 9:55:35 AM
to sage-release
FWIW, Debian's security has reverted to 5.4.1 on Mar 28.

Many thanks for the lookup!
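
The version check discussed in this thread, as an added example that is not part of any post above: it classifies an installed xz/liblzma package version string against the two versions the thread names as backdoored (5.6.0 and 5.6.1). The function names and sample strings are assumptions constructed for illustration; the `+really` handling follows the Debian packaging convention for a rollback published under a higher version number.

```shell
#!/bin/sh
# Versions named in the thread as backdoored.
BACKDOORED="5.6.0 5.6.1"

# upstream_version (hypothetical helper): print the upstream x.y.z contained
# in a package version string. Handles an epoch ("1:5.6.1-2"), a packaging
# suffix ("5.6.1-1") and the Debian "+really" convention, where the text after
# "+really" is the code actually shipped ("5.6.1+really5.4.5-1" ships 5.4.5).
upstream_version() {
    v=${1#*:}                                   # drop epoch, if any
    case $v in
        *+really*) v=${v##*+really} ;;          # keep what is really shipped
    esac
    printf '%s\n' "$v" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# xz_status (hypothetical helper): print "affected", "ok" or "unknown"
# for one version string.
xz_status() {
    up=$(upstream_version "$1")
    if [ -z "$up" ]; then
        echo unknown
        return 0
    fi
    for bad in $BACKDOORED; do
        if [ "$up" = "$bad" ]; then
            echo affected
            return 0
        fi
    done
    echo ok
}

# Constructed sample version strings (not taken from the thread).
for s in "5.6.1" "5.6.0-0.2" "5.4.6" "1:5.6.1-2" "5.6.1+really5.4.5-1"; do
    printf '%-22s %s\n' "$s" "$(xz_status "$s")"
done
```

Feed it the version your package manager reports, for example `xz_status "$(dpkg-query -W -f='${Version}' liblzma5)"` on Debian or the version column of `brew list --versions xz` on Homebrew.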
