XZ
Page content
MacOS
even MacOS seems not hardly affected, better safe than sorry !
# get Version
brew info xz
# Cleanup Cache
brew cleanup -v -s --prune=all
# Downgrade
brew reinstall xz
# Update
brew update
# Upgrade
brew upgrade
# reboot
reboot
# confirm, 5.4.6 should be fine
xz -V
Links
- https://www.openwall.com/lists/oss-security/2024/03/29/4
- https://nvd.nist.gov/vuln/detail/CVE-2024-3094
- https://www.wiz.io/blog/cve-2024-3094-critical-rce-vulnerability-found-in-xz-utils
- https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/
- https://github.com/orgs/Homebrew/discussions/5243
- https://github.com/amlweems/xzbot
- https://www.nzz.ch/technologie/xz-luecke-der-verrueckteste-angriff-ein-programmierer-entdeckt-per-zufall-eine-gefaehrliche-hintertuere-im-code-wohl-von-einem-geheimdienst-ld.1824766
- https://www.deepfactor.io/an-accidental-discovery-of-a-backdoor-likely-prevented-thousands-of-infections/
- fun: https://infosec.exchange/@tinker/112196180295212632
Any Comments ?
sha256: d2d6b0518ee60fc80381a2fb44dee61d06c02a7d4182045ff25d59f4894d1a10