starman@programming.dev to

Nix / NixOS@programming.devEnglish · 7 months ago

How the xz backdoor highlights a major flaw in Nix | Shade's Blog

shadeyg56.vercel.app

11

cross-posted to:
linux@lemmy.ml

35

How the xz backdoor highlights a major flaw in Nix | Shade's Blog

shadeyg56.vercel.app

starman@programming.dev to

Nix / NixOS@programming.devEnglish · 7 months ago

11

cross-posted to:
linux@lemmy.ml

Background On Friday, March 29th, 2024, a historical and sophisticated security vulnerability (CVE-2024-3094) was discovered in the XZ Utils package and liblzma api in version 5.6.0 and 5.6.1. While this vulnerability mostly affects Debian and RedHat distributions, there was some interesting discussion regarding xz and Nix. How did this affect Nix and NixOS? The truth is not a whole lot in reality. I saw conflicting reports, but supposedly, the tarballs of xz that Nix downloads were not infected.

Chat

onlinepersona@programming.dev
link
fedilink
English
arrow-up
4
arrow-down
1·
7 months ago
Do you have an RSS feed of CVEs impacting Nixos?

Anti Commercial AI thingy

CC BY-NC-SA 4.0
- λλλ@programming.dev
  link
  fedilink
  English
  arrow-up
  2·
  7 months ago
  I believe the point they were making is that if you are techy enough to use nix, they are likely the type to keep up to date with news like this.

Nix / NixOS@programming.dev

nix@programming.dev

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !nix@programming.dev

Main links

Videos

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

1 user / day
9 users / week
163 users / month
688 users / 6 months
1 local subscriber
1.73K subscribers
181 Posts
731 Comments
Modlog