Hello,
Heads up to all sysadmins.
At a quick glance zimbra supported operating systems aren't affected, but I haven't confirmed this.
Only official announcement found so far was from red hat:
https://access.redhat.com/security/cve/ ... ve-cvss-v3
This supply-chain attack is concerning to say the least, here's the commit from Feb. 23rd that injected the backdoor.
https://github.com/tukaani-project/xz/c ... 1e274f63c0
First report.
https://www.openwall.com/lists/oss-secu ... 24/03/29/4
Check your distros.
Heads up to all sysadmins.
At a quick glance zimbra supported operating systems aren't affected, but I haven't confirmed this.
Only official announcement found so far was from red hat:
https://access.redhat.com/security/cve/ ... ve-cvss-v3
This supply-chain attack is concerning to say the least, here's the commit from Feb. 23rd that injected the backdoor.
https://github.com/tukaani-project/xz/c ... 1e274f63c0
First report.
https://www.openwall.com/lists/oss-secu ... 24/03/29/4
Check your distros.
Statistics: Posted by zmcontrol — Fri Mar 29, 2024 11:11 pm