The m4 files in the tarballs that xz-utils published on GitHub contain malicious backdoor code

https://www.openwall.com/lists/oss-security/2024/03/29/4 (in English)

https://lists.debian.org/debian-security-announce/2024/msg00057.html (in English)

==== 忙着查资料的被子饼 ====
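Current evidence indicates that this backdoor affects only some pre-release versions of Debian/Ubuntu/Fedora/openSUSE, and rollback updates have been released for all of them.

Distributions confirmed so far to have been affected: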
Debian unstable/testing between 2024-02-26 and 2024-03-29
Ubuntu noble-proposed between 2024-02-26 and 2024-03-29
Fedora 40/41 between 2024-02-27 and 2024-03-29
openSUSE Tumbleweed between 2024-03-07 and 2024-03-28
 
 