author | Sam James <sam@gentoo.org> | 2024-05-29 19:07:52 +0100 |
---|---|---|
committer | Sam James <sam@gentoo.org> | 2024-05-29 19:08:17 +0100 |
commit | 23f9961964e4ef86fe4fed4e36f8f2cbe2b47dfe (patch) | |
tree | 0eb36efdc851e90af737ea2be94897c60e7d462c | |
parent | [ GLSA 202405-33 ] PoDoFo: Multiple Vulnerabilities (diff) | |
[ GLSA 202403-04 ] XZ utils: update for fixed versions
Bug: https://bugs.gentoo.org/928134
Signed-off-by: Sam James <sam@gentoo.org>
-rw-r--r-- | glsa-202403-04.xml | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/glsa-202403-04.xml b/glsa-202403-04.xml index abe20743..51f84120 100644 --- a/glsa-202403-04.xml +++ b/glsa-202403-04.xml @@ -5,13 +5,15 @@ <synopsis>A backdoor has been discovered in XZ utils that could lead to remote compromise of systems.</synopsis> <product type="ebuild">xz-utils</product> <announced>2024-03-29</announced> - <revised count="1">2024-03-29</revised> + <revised count="2">2024-05-29</revised> <bug>928134</bug> <access>remote</access> <affected> <package name="app-arch/xz-utils" auto="yes" arch="*"> <unaffected range="lt">5.6.0</unaffected> - <vulnerable range="ge">5.6.0</vulnerable> + <unaffected range="gt">5.6.1</unaffected> + <vulnerable range="eq">5.6.0</vulnerable> + <vulnerable range="eq">5.6.1</vulnerable> </package> </affected> <background> @@ -32,10 +34,14 @@ Analysis is still ongoing, however, and additional vectors may still be identifi <p>There is no known workaround at this time.</p> </workaround> <resolution> - <p>All XZ utils users should downgrade to the latest version before the backdoor was introduced:</p> + <p>All XZ utils users should upgrade to the latest fixed version, or downgrade to the latest version before the backdoor was introduced:</p> <code> # emerge --sync + # emerge --ask --oneshot --verbose ">app-arch/xz-utils-5.6.1" + </code> + <code> + # emerge --sync # emerge --ask --oneshot --verbose "<app-arch/xz-utils-5.6.0" </code> </resolution> |
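Review bot: in the first hunk, the two `eq` entries under `<affected>` match only 5.6.0 and 5.6.1 exactly, so a revision bump of 5.6.0 (for example a 5.6.0-r1) sorts above `lt 5.6.0`, below `gt 5.6.1`, and matches neither `eq` line, which leaves it in no range at all. Likewise any 5.6.1-rN sorts above 5.6.1 and is classified as unaffected by `<unaffected range="gt">5.6.1</unaffected>`. If revisions of either version were ever in the tree, bound the unaffected range on the first fixed ebuild version rather than on 5.6.1 itself and use a vulnerable range that covers revisions; if none existed, saying so in the commit message would make the narrowing from `ge 5.6.0` easier to audit.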
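Review bot: in the second hunk, the `<resolution>` sentence offers two alternatives, but the two `<code>` blocks that follow it are unlabelled, so a reader who runs the section top to bottom performs the upgrade and then the downgrade. Give each block its own `<p>` lead-in (one for upgrading past 5.6.1, one for downgrading below 5.6.0) so it is clear they are either/or; the repeated `# emerge --sync` could then be stated once before both.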