Re: Security lessons from liblzma
From | Bruce Momjian |
---|---|
Subject | Re: Security lessons from liblzma |
Date | |
Msg-id | Zgsf3wCRUeHKGigu@momjian.us |
In response to | [MASSMAIL]Security lessons from liblzma (Bruce Momjian <bruce@momjian.us>) |
List | pgsql-hackers |

On Fri, Mar 29, 2024 at 06:37:24PM -0400, Bruce Momjian wrote:

> You might have seen reports today about a very complex exploit added to
> recent versions of liblzma. Fortunately, it was only enabled two months
> ago and has not been pushed to most stable operating systems like Debian
> and Ubuntu. The original detection report is:
>
> https://www.openwall.com/lists/oss-security/2024/03/29/4

I was watching this video about the exploit:

https://www.youtube.com/watch?v=bS9em7Bg0iU

and at 2:29, they mention "hero software developer", our own Andres Freund as the person who discovered the exploit. I noticed the author's name at the openwall email link above, but I assumed it was someone else with the same name. They mentioned it was found while researching Postgres performance, and then I noticed the email address matched!

I thought the analogy he uses at the end of the video is very clear.

--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EDB https://enterprisedb.com

Only you can decide what is important to you.