Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.project > #14028 > unrolled thread
| Started by | "William Richards #SaveOurInternet" <corpseleague@gmail.com> |
|---|---|
| First post | 2025-11-21 19:10 +0100 |
| Last post | 2025-11-23 21:20 +0100 |
| Articles | 5 — 3 participants |
Back to article view | Back to linux.debian.project
about XZ backdoor "William Richards #SaveOurInternet" <corpseleague@gmail.com> - 2025-11-21 19:10 +0100
Re: about XZ backdoor <tomas@tuxteam.de> - 2025-11-21 23:30 +0100
Re: about XZ backdoor Richard Lewis <richard.lewis.debian@googlemail.com> - 2025-11-23 19:10 +0100
Re: about XZ backdoor <tomas@tuxteam.de> - 2025-11-23 19:20 +0100
Re: about XZ backdoor Richard Lewis <richard.lewis.debian@googlemail.com> - 2025-11-23 21:20 +0100
| From | "William Richards #SaveOurInternet" <corpseleague@gmail.com> |
|---|---|
| Date | 2025-11-21 19:10 +0100 |
| Subject | about XZ backdoor |
| Message-ID | <LTDK1-eGHo-1@gated-at.bofh.it> |
[Multipart message — attachments visible in raw view] — view raw
Would the backdoor have affected any Debian Linux web servers or cloud environments? Also how bad is the actual backdoor? Does the backdoor activate on your system while you’re writing it to be a part of the binary of another program? Also with targeting x86-64 does it just mean Linux computers that use x86-64? - 1 million top web servers use Linux - Linux powers most of Global Cloud Environment - 500 supercomputers use Linux - Android is based off Linux
[toc] | [next] | [standalone]
| From | <tomas@tuxteam.de> |
|---|---|
| Date | 2025-11-21 23:30 +0100 |
| Message-ID | <LTHND-eJgv-3@gated-at.bofh.it> |
| In reply to | #14028 |
[Multipart message — attachments visible in raw view] — view raw
On Fri, Nov 21, 2025 at 11:22:15AM +0000, William Richards #SaveOurInternet wrote: > Would the backdoor have affected any Debian Linux web servers or cloud > environments? > Also how bad is the actual backdoor? Does the backdoor activate on your > system while you’re writing it to be a part of the binary of another > program? Also with targeting x86-64 does it just mean Linux computers that > use x86-64? > > - 1 million top web servers use Linux > - Linux powers most of Global Cloud Environment > - 500 supercomputers use Linux > - Android is based off Linux Actually, if you do you homework, you can find out for yourself. Start here: https://en.wikipedia.org/wiki/Xz_backdoor and follow the relevant links. Cheers -- t
[toc] | [prev] | [next] | [standalone]
| From | Richard Lewis <richard.lewis.debian@googlemail.com> |
|---|---|
| Date | 2025-11-23 19:10 +0100 |
| Message-ID | <LUmH7-fcLt-45@gated-at.bofh.it> |
| In reply to | #14029 |
<tomas@tuxteam.de> writes: > On Fri, Nov 21, 2025 at 11:22:15AM +0000, William Richards #SaveOurInternet wrote: >> Would the backdoor have affected any Debian Linux web servers or cloud >> environments? >> Also how bad is the actual backdoor? Does the backdoor activate on your >> system while you’re writing it to be a part of the binary of another >> program? Also with targeting x86-64 does it just mean Linux computers that >> use x86-64? >> >> - 1 million top web servers use Linux >> - Linux powers most of Global Cloud Environment >> - 500 supercomputers use Linux >> - Android is based off Linux > > Actually, if you do you homework, you can find out for yourself. Start > here: > > https://en.wikipedia.org/wiki/Xz_backdoor Is there also a write-up of Debian's response and/or learning from this incident?
[toc] | [prev] | [next] | [standalone]
| From | <tomas@tuxteam.de> |
|---|---|
| Date | 2025-11-23 19:20 +0100 |
| Message-ID | <LUmQN-fcQi-5@gated-at.bofh.it> |
| In reply to | #14030 |
[Multipart message — attachments visible in raw view] — view raw
On Sun, Nov 23, 2025 at 05:33:01PM +0000, Richard Lewis wrote: > <tomas@tuxteam.de> writes: [...] > > Actually, if you do you homework, you can find out for yourself. Start > > here: > > > > https://en.wikipedia.org/wiki/Xz_backdoor > > Is there also a write-up of Debian's response and/or learning from this incident? Follow link #21 in the above reference. Cheers -- t
[toc] | [prev] | [next] | [standalone]
| From | Richard Lewis <richard.lewis.debian@googlemail.com> |
|---|---|
| Date | 2025-11-23 21:20 +0100 |
| Message-ID | <LUoIV-fecY-3@gated-at.bofh.it> |
| In reply to | #14031 |
<tomas@tuxteam.de> writes: > On Sun, Nov 23, 2025 at 05:33:01PM +0000, Richard Lewis wrote: >> > https://en.wikipedia.org/wiki/Xz_backdoor >> >> Is there also a write-up of Debian's response and/or learning from this incident? > > Follow link #21 in the above reference. well that is about fixing the specific cve, but that's not really the same as a write-up of the overall response, which involved lots of people doing lots of things
[toc] | [prev] | [standalone]
Back to top | Article view | linux.debian.project
csiph-web