Re: CVE-2024-3094: malicious code in xz 5.6.0 and xz 5.6.1
- In reply to: sthaug_a_nethelp.no: "Re: CVE-2024-3094: malicious code in xz 5.6.0 and xz 5.6.1"
Date: Thu, 04 Apr 2024 06:13:02 UTC
On Thu, 04 Apr 2024 08:06:26 +0200 (CEST) sthaug@nethelp.no wrote:

> >> I have to report to my superiors (we're using 14-STABLE and CURRENT
> >> and I do so in private),
> >> so I would like to welcome any comment on that.
> >
> > No it does not affect FreeBSD.
> >
> > The autoconf script checks that it is running in a RedHat or Debian
> > package build environment before trying to proceed. There are also
> > checks for GCC and binutils ld.bfd. And I'm not sure that the payload
> > (a precompiled Linux object file) would work with FreeBSD and
> > /lib/libelf.so.2.
> >
> > See
> >
> > https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27
>
> See also the following message from the FreeBSD security officer:
>
> https://lists.freebsd.org/archives/freebsd-security/2024-March/000248.html
>
> Steinar Haug, Nethelp consulting, sthaug@nethelp.no
>

Thank you very much for the quick answer.

Kind regards

oh

--
O. Hartmann