1. Forum
  2. FidoNet
  3. linux.debian.project

  • about XZ backdoor

    From William Richards #SaveOurInternet@3:633/10 to All on Friday, November 21, 2025 19:10:01
    Would the backdoor have affected any Debian Linux web servers or cloud environments?
    Also how bad is the actual backdoor? Does the backdoor activate on your
    system while you?re writing it to be a part of the binary of another
    program? Also with targeting x86-64 does it just mean Linux computers that
    use x86-64?
    - 1 million top web servers use Linux
    - Linux powers most of Global Cloud Environment
    - 500 supercomputers use Linux
    - Android is based off Linux


    --- PyGate Linux v1.5.1
    * Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)
  • From tomas@3:633/10 to All on Friday, November 21, 2025 23:30:01
    On Fri, Nov 21, 2025 at 11:22:15AM +0000, William Richards #SaveOurInternet wrote:
    Would the backdoor have affected any Debian Linux web servers or cloud environments?
    Also how bad is the actual backdoor? Does the backdoor activate on your system while you?re writing it to be a part of the binary of another
    program? Also with targeting x86-64 does it just mean Linux computers that use x86-64?

    - 1 million top web servers use Linux
    - Linux powers most of Global Cloud Environment
    - 500 supercomputers use Linux
    - Android is based off Linux
    Actually, if you do you homework, you can find out for yourself. Start
    here:
    https://en.wikipedia.org/wiki/Xz_backdoor
    and follow the relevant links.
    Cheers
    --
    t


    --- PyGate Linux v1.5.1
    * Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)
  • From Richard Lewis@3:633/10 to All on Sunday, November 23, 2025 19:10:01
    <tomas@tuxteam.de> writes:

    On Fri, Nov 21, 2025 at 11:22:15AM +0000, William Richards #SaveOurInternet wrote:
    Would the backdoor have affected any Debian Linux web servers or cloud
    environments?
    Also how bad is the actual backdoor? Does the backdoor activate on your
    system while you?re writing it to be a part of the binary of another
    program? Also with targeting x86-64 does it just mean Linux computers that >> use x86-64?

    - 1 million top web servers use Linux
    - Linux powers most of Global Cloud Environment
    - 500 supercomputers use Linux
    - Android is based off Linux

    Actually, if you do you homework, you can find out for yourself. Start
    here:

    https://en.wikipedia.org/wiki/Xz_backdoor

    Is there also a write-up of Debian's response and/or learning from this incident?

    --- PyGate Linux v1.5.1
    * Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)
  • From tomas@3:633/10 to All on Sunday, November 23, 2025 19:20:01
    On Sun, Nov 23, 2025 at 05:33:01PM +0000, Richard Lewis wrote:
    <tomas@tuxteam.de> writes:
    [...]
    Actually, if you do you homework, you can find out for yourself. Start here:

    https://en.wikipedia.org/wiki/Xz_backdoor

    Is there also a write-up of Debian's response and/or learning from this incident?
    Follow link #21 in the above reference.
    Cheers
    --
    t


    --- PyGate Linux v1.5.1
    * Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)
  • From Richard Lewis@3:633/10 to All on Sunday, November 23, 2025 21:20:01
    <tomas@tuxteam.de> writes:

    On Sun, Nov 23, 2025 at 05:33:01PM +0000, Richard Lewis wrote:

    https://en.wikipedia.org/wiki/Xz_backdoor

    Is there also a write-up of Debian's response and/or learning from this incident?

    Follow link #21 in the above reference.

    well that is about fixing the specific cve, but that's not really the
    same as a write-up of the overall response, which involved lots of
    people doing lots of things

    --- PyGate Linux v1.5.1
    * Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)