Xz library CVE is TurrisOS vulnerable?

AreYouLoco · March 29, 2024, 8:38pm

https://www.openwall.com/lists/oss-security/2024/03/29/4

AreYouLoco · March 30, 2024, 3:16pm

Seems like HBS has too old xz library and thus not vulnerable. Funny

vcunat · March 30, 2024, 9:02pm

My understanding is that the mechanism relies on glibc and thus won’t work on musl.

j_s · March 31, 2024, 3:45pm

History/timeline

rupert160 · April 2, 2024, 10:59am

The up to date TurrisOS 6.5.2 HBS has xz --version = 5.2.5 and the CVE NVD - CVE-2024-3094 states version 5.6.0+ is vulnerable, hence it’s likely your Turris is not vulnerable.

system · April 5, 2024, 10:59am

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.