trekkie.forever 6 Posted ... Hello, The recently discovered xz utils backdoor https://www.schneier.com/blog/archives/2024/04/xz-utils-backdoor.html Is the AirVPN infrastructure susceptible to this? Thanks. Quote Share this post Link to post
DogeX 8 Posted ... 1 hour ago, trekkie.forever said: Hello, The recently discovered xz utils backdoor https://www.schneier.com/blog/archives/2024/04/xz-utils-backdoor.html Is the AirVPN infrastructure susceptible to this? Thanks. probably not as the backdoor was pushed only in unstable version of some Linux distros, I doubt that Airvpn run on unstable distros Quote Share this post Link to post
OpenSourcerer 1442 Posted ... At most the OpenVPN over SSH connection method might be vulnerable. The vast majority uses OpenVPN or Wireguard directly, so the impact is very small. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
Staff 10015 Posted ... 23 hours ago, trekkie.forever said: Is the AirVPN infrastructure susceptible to this? Hello! No, it was not and it is not. Every and each machine runs on non-affected Operating Systems, typically FreeBSD and Debian 12. Debian 12 trivially is not affected because it does not include (in the official repositories we point at) the exploited xz versions 5.6.0 / 5.6.1 (and of course we did not build them from git) while in FreeBSD: Quote the backdoor components were excluded from the vendor import. Additionally, FreeBSD does not use the upstream's build tooling, which was a required part of the attack. Lastly, the attack specifically targeted x86_64 Linux systems using glibc Gordon Tetlow, security officer, https://lists.freebsd.org/archives/freebsd-security/2024-March/000248.html). Kind regards 2 knighthawk and Stalinium reacted to this Quote Share this post Link to post