dopeytree Posted April 4 Posted April 4 (edited) I found it easier to just open each containers console and paste xz --version The result was the newer compromised XY version had only been used in Binhex apps. So I stopped those running & may swap to linuxServer containers? What are others choosing? Probably all irrelevant anyway as not running an SSH server. Edited April 4 by dopeytree Quote
Terebi Posted April 4 Posted April 4 11 hours ago, dopeytree said: I found it easier to just open each containers console and paste xz --version The result was the newer compromised XY version had only been used in Binhex apps. So I stopped those running & may swap to linuxServer containers? What are others choosing? Probably all irrelevant anyway as not running an SSH server. The binhex apps run arch, and do not have SSH running, so are not exploitable even if you have the bad versions. . Just wait for the next version of the binhex images to come out. 1 1 Quote
ullibelgie Posted April 7 Posted April 7 @iXNyNe the latest build of Digikam of Linuxserver.io is also infected with XZ utils version 5.6.1 How can we inform Linuxserver.io community ? If there is someone who knows how to reach them to drop a note the development team would be appreciated... In the meantime I better keep this docker blocked on my server Quote
iXNyNe Posted April 7 Posted April 7 44 minutes ago, ullibelgie said: @iXNyNe the latest build of Digikam of Linuxserver.io is also infected with XZ utils version 5.6.1 How can we inform Linuxserver.io community ? If there is someone who knows how to reach them to drop a note the development team would be appreciated... In the meantime I better keep this docker blocked on my server The version of xz in our latest release of digikam (and our kasm arch base image) is 5.6.1-3 which has been patched according to https://security.archlinux.org/AVG-2851 1 Quote
ullibelgie Posted April 7 Posted April 7 Many thanks for info about AVG-2851... so I can use the docker again .... Quote
dopeytree Posted April 8 Posted April 8 17 hours ago, ullibelgie said: @iXNyNe the latest build of Digikam of Linuxserver.io is also infected with XZ utils version 5.6.1 How can we inform Linuxserver.io community ? If there is someone who knows how to reach them to drop a note the development team would be appreciated... In the meantime I better keep this docker blocked on my server https://github.com/linuxserver/docker-digikam/issues/new/choose Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.