Talk:XZ Utils: Difference between revisions

This article is rated C-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Linux Mid‑importance This article is within the scope of WikiProject Linux, a collaborative effort to improve the coverage of Linux on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.LinuxWikipedia:WikiProject LinuxTemplate:WikiProject LinuxLinux Mid This article has been rated as Mid-importance on the project's importance scale. Computing: Software / Security / Free and open-source software Low‑importance This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing Low This article has been rated as Low-importance on the project's importance scale. This article is supported by WikiProject Software (assessed as Mid-importance). This article is supported by WikiProject Computer Security (assessed as Mid-importance). This article is supported by Free and open-source software (assessed as Mid-importance). Things you can help WikiProject Computer Security with: edit history watch purge Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information... Review importance and quality of existing articles Identify categories related to Computer Security Tag related articles Identify articles for creation (see also: Article requests) Identify articles for improvement Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc. Find editors who have shown interest in this subject and ask them to take a look here.

Instead, it's literally just a manual page for the command line interface.2600:1015:B128:AD42:10F0:916:7055:A3DE (talk) 07:59, 15 February 2019 (UTC)[reply]

Yep. I have renamed the section to Usage. —Fezzy1347^{Let's chat} 21:25, 5 February 2021 (UTC)[reply]

Debian has located a major vulnerability in the code and shown that the liblzma code base in compromised. I think the wiki article should reference this.

Relevant Link https://www.openwall.com/lists/oss-security/2024/03/29/4 Vigh m (talk) 17:09, 29 March 2024 (UTC)[reply]

I second this. It's probably worth noting that many affected distributions have released patches for it, however at this stage nobody knows a whole lot about what's happened as far as I can see.

Archlinux announcement: https://archlinux.org/news/the-xz-package-has-been-backdoored/

Debian stable announcement: https://lists.debian.org/debian-security-announce/2024/msg00057.html

RedHat announcement (relevant to RHEL, Fedora): https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users Pave unpaved (talk) 06:51, 30 March 2024 (UTC)[reply]

I added Alpine Linux to the list of affected Linux distros, but I'm not sure whether to include the page within their security database (https://security.alpinelinux.org/vuln/CVE-2024-3094), or the affected commit (https://gitlab.alpinelinux.org/alpine/aports/-/commit/11bc4fbf6b6fe935f77e45706b1b8a2923b2b203). I cited the latter, but should I change it to the page in the security database? Mintphin (talk) 16:35, 30 March 2024 (UTC)[reply]

After some talk with people involved in the project, Alpine is unaffected due to the attack using a function implemented in glibc but not on musl libc, which Alpine uses. Mintphin (talk) 16:48, 30 March 2024 (UTC)[reply]