a month ago
Curious how everybody is remediating that new supply chain vulnerability for XZ.
My security team sent me this link - xz-backdoor-attack
I'm guessing an EA to locate non-patched versions, but what about deploying/updating the version? I'm guessing a lot of them were done using brew.
a month ago - last edited a month ago
I ran a ‘which xz’ on all devices with brew installed and only a few had it installed. brew update downgrades it.
Not that it is an actual issue on macOS.
a month ago
I'm not a security expert, but according to this, it's only a vulnerability on Linux distros not BSD like macOS.
https://lwn.net/Articles/968084/
4 weeks ago
@jwojda afaik macOS is not really impacted.
But since xz 5.6.0 and 5.6.1 have been taken off homebrew as well, I decided to run a script that lets brew update (well, actually downgrade in this case) xz to the latest recommended version.
If you are interested, have a look at this: https://github.com/adibue/brew-xz-patcher/
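
Added example, not part of the thread and not the linked brew-xz-patcher script: a detection sketch for the extension attribute asked about in the first post, flagging the xz 5.6.0 and 5.6.1 releases named above. The `<result>` wrapper assumes a Jamf Pro style EA; the two Homebrew prefixes and all function names are assumptions.

```shell
#!/bin/sh
# Extension attribute sketch: report the xz version found under each
# Homebrew prefix and flag releases 5.6.0 and 5.6.1.

# Extract the version from the first line of `xz --version` output,
# expected to look like "xz (XZ Utils) 5.4.6". Prints nothing if the
# line does not match, so unexpected output is never reported as clean.
xz_version_from_output() {
    printf '%s\n' "$1" |
        sed -n '1s/^xz (XZ Utils) \([0-9][0-9A-Za-z.]*\).*$/\1/p'
}

# Classify a version string: the two releases named in the thread are
# "affected", an empty string is "unknown", anything else is "ok".
classify_xz_version() {
    case "$1" in
        "")          echo "unknown" ;;
        5.6.0|5.6.1) echo "affected" ;;
        *)           echo "ok" ;;
    esac
}

# Inspect each candidate path given as an argument and build one
# summary line, e.g. "/opt/homebrew/bin/xz=5.4.6 (ok)".
report_xz() {
    found=""
    for bin in "$@"; do
        [ -x "$bin" ] || continue
        ver=$(xz_version_from_output "$("$bin" --version 2>/dev/null)")
        found="${found}${found:+; }${bin}=${ver:-?} ($(classify_xz_version "$ver"))"
    done
    echo "${found:-not installed}"
}

# Assumed locations: Homebrew's default prefixes on Apple silicon and Intel.
echo "<result>$(report_xz /opt/homebrew/bin/xz /usr/local/bin/xz)</result>"
```

A smart group keyed on the string "affected" in this attribute would scope the devices that still need the brew downgrade.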