Mar 29 2024 - xz/liblzma potential compromise

Someone passed this around a discord that i'm in and figured i'd share here given Debian usage. It was posted today Date: Fri, 29 Mar 2024 08:51:26 -0700 https://www.openwall.com/lists/oss-security/2024/03/29/4 Excerpt: == Compromised Repository == The files containing the bulk of the exploit are in an obfuscated form in tests/files/bad-3-corrupt_lzma2.xz tests/files/good-large_compressed.lzma committed upstream. They were initially added in https://github.com/tukaani-projec

By jonfive, March 29
31 replies

Unraid 6.12.9 is also unaffected with version 5.4.1. Popular docker containers with 5.6(.1) I found: - binhex/arch-prowlarr - binhex/arch-sabnzbd - binhex/arch-sonarr It seems binhex/arch-radarr is unaffected with version 5.4.5.