I accidentally found a security issue while benchmarking Postgres changes.
If you run Debian testing, unstable or some other more "bleeding edge" distribution, I strongly recommend upgrading ASAP.
@AndresFreundTec congrats and thank you for the investigation - IMO this is going to go down as the vuln of the decade. What a find.
@dgilman Unfortunately I suspect we'll see a lot more such attacks going forward, in all likelihood with more success in some cases.
@AndresFreundTec @dgilman
This is insane. I expect full-fledged articles out soon, but another interesting bit in https://news.ycombinator.com/item?id=39866275 :
"the apparent author of the backdoor was in communication with me over several weeks trying to get xz 5.6.x added to Fedora 40 & 41 because of its "great new features""
This is CVE-2024-3094 for easier tracking.