Hello Cédric,

We can't; you must do it yourself by sending an email (even a blank one) to:
freebsd-security+unsubscr...@freebsd.org

----------------------------------------
2024-04-07T11:57:04Z Cédric Weis <ha...@free.fr>:

> Unsubscribe me please. I don't know how to do it by myself.
>
> On 07/04/2024 11:35, "Chen, Alvin W" <owner-freebsd-security@freebsd.org
> <mailto:owner-freebsd-secur...@freebsd.org> on behalf of weike.c...@dell.com
> <mailto:weike.c...@dell.com>> wrote:
>
>
>>>> All supported FreeBSD releases include versions of xz that predate the
>>>> affected releases.
>>>>
>>>> The main, stable/14, and stable/13 branches do include the affected version
>>>> (5.6.0), but the backdoor components were excluded from the vendor import.
>>>> Additionally, FreeBSD does not use the upstream's build tooling, which was a
>>>> required part of the attack. Lastly, the attack specifically targeted x86_64
>>>> Linux systems using glibc.
>>>
>>> Hey Gordon,
>>>
>>> Is there potential for Linux jails on FreeBSD systems (ie, deployments
>>> making use of the Linuxulator) to be impacted? Assuming amd64 here,
>>> too.
>>
>> Hard to say for certain, but I suspect the answer is yes. If the jail has the
>> vulnerable software installed, there is a decent chance it would be
>> affected. At that point, I would refer to the vulnerability statement
>> published by the Linux distro the jail is based on. I don’t believe the
>> vulnerability has any kernel dependencies that FreeBSD would provide
>> protection.
>>
>> Certainly, in the world of being conservatively cautious, I would immediately
>> address any such Linux jails.
>>
>> Gordon
> My understanding is: the 'xz' built from FreeBSD is not impacted, but the
> 'xz' built from Linux and run based on FreeBSD Linux ABI could be impacted.
> Please correct me if I am wrong.
>
>
> Internal Use - Confidential
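
A first-pass check for the Linux jails discussed in the thread above, added here as an example and not written by anyone in the thread: it lists liblzma files whose name carries an affected release number under each Linux userland root given on the command line. It assumes the roots are supplied by the administrator (for example `/compat/linux` or a Linux jail's path), and it also matches 5.6.1, which the thread does not mention but which was published as affected alongside 5.6.0. A hit means the jail should be checked against its distribution's advisory; it does not prove the backdoor is present.

```shell
#!/bin/sh
# Added example: flag Linux userlands that ship liblzma 5.6.0 or 5.6.1.
# Linux distributions install the library as liblzma.so.<full version>, so the
# file name carries the release number. FreeBSD's own base-system xz is not the
# target of this scan; pass Linux jail or Linuxulator roots only.

# Print one "root: path" line for every affected liblzma found under ROOT.
scan_root() {
    root=$1
    # A missing root is skipped rather than treated as an error.
    [ -d "$root" ] || return 0
    find "$root" \( -type f -o -type l \) -name 'liblzma.so.5.6.[01]' 2>/dev/null |
    while IFS= read -r lib; do
        printf '%s: %s\n' "$root" "$lib"
    done
}

# Scan every root given; print all hits and return 1 if there were any.
scan_roots() {
    hits=$(for r in "$@"; do scan_root "$r"; done)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Stand-alone use: sh scan.sh /compat/linux /jails/debian ...
if [ "$#" -gt 0 ]; then
    scan_roots "$@"
    exit $?
fi
```
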