On Fri, Mar 29, 2024 at 10:02:14AM -0700, Gordon Tetlow wrote:
> FreeBSD is not affected by the recently announced backdoor included in the
> 5.6.0 and 5.6.1 xz releases.
>
> All supported FreeBSD releases include versions of xz that predate the
> affected releases.
>
> The main, stable/14, and stable/13 branches do include the affected version
> (5.6.0), but the backdoor components were excluded from the vendor import.
> Additionally, FreeBSD does not use the upstream's build tooling, which was a
> required part of the attack. Lastly, the attack specifically targeted x86_64
> Linux systems using glibc.

Hey Gordon,

Is there potential for Linux jails on FreeBSD systems (i.e., deployments
making use of the Linuxulator) to be impacted? Assuming amd64 here, too.

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc