Re: making Debian secure by default

To: debian-user@lists.debian.org
Subject: Re: making Debian secure by default
From: Andy Smith <andy@strugglers.net>
Date: Fri, 29 Mar 2024 20:07:28 +0000
Message-id: <[🔎] ZgcfgGuQZciqiANM@mail.bitfolk.com>
In-reply-to: <[🔎] 87msqggbld.fsf@alfa.kjonca>
References: <ImJa1-27aa-1@gated-at.bofh.it> <ImKz7-28aw-1@gated-at.bofh.it> <ImPyN-2bh9-3@gated-at.bofh.it> <ImY94-2heG-5@gated-at.bofh.it> <ImZRv-2iJ8-1@gated-at.bofh.it> <In22Z-2kwg-5@gated-at.bofh.it> <InnK9-2z9u-1@gated-at.bofh.it> <[🔎] 87msqggbld.fsf@alfa.kjonca>

Hello,

On Fri, Mar 29, 2024 at 07:02:54PM +0100, Kamil Jońca wrote:
> Andy Smith <andy@strugglers.net> writes:
> > https://www.openwall.com/lists/oss-security/2024/03/29/4
> >
> > (Upstream xz/lzma project compromised, hostile code inserted into
> > sshd in Debian sid and other leading edge distros.)
> 
> O-o, is there any simple test to check if I have infected version or
> not?

Reading the link fully would show you how, but as far as Debian ics
concerned it only made it to testing and sid. If you run either of
those then Debian's own security announcements cover it.

Thanks,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Reply to:

References:
- Re: making Debian secure by default
  - From: Kamil Jońca <kjonca@o2.pl>

Prev by Date: Re: Fwd: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise
Next by Date: Re: making Debian secure by default
Previous by thread: Re: making Debian secure by default
Next by thread: Re: making Debian secure by default
Index(es):
- Date
- Thread