xz/liblzma has been compromised

31 views
Skip to first unread message

Dima Pasechnik

unread,
Mar 29, 2024, 3:18:25 PMMar 29
to sage-devel, sage-support, sage-release
https://www.openwall.com/lists/oss-security/2024/03/29/4

if your have xz 5.6.0 or 5.6.1 installed (e.g. Debian testing/unstable)
you have a backdoored xz.

Dima Pasechnik

unread,
Mar 29, 2024, 3:36:31 PMMar 29
to sage-devel, sage-support, sage-release, Isuru Fernando
aand Conda: https://anaconda.org/anaconda/xz shows version 5.6.1

Dima Pasechnik

unread,
Mar 29, 2024, 3:45:33 PMMar 29
to sage-devel, sage-support, sage-release, Isuru Fernando
and Homebrew.
Please upgrade your Homebrew. It should do a downgrade:

`brew upgrade` now "upgrades" xz from 5.6.1 -> 5.4.6
Reply all
Reply to author
Forward
0 new messages