On Thu, Apr 04, 2024 at 09:17:18PM +0000, Katherine Mcmillan wrote:
> I have seen the following comment, or similar, in several articles now:
> "On Friday, a lone Microsoft developer rocked the world when he revealed a
> backdoor<https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/>
> had been intentionally planted in xz Utils, an open source data compression
> utility available on almost all installations of Linux and other Unix-like
> operating systems."
> https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/
>
> There are a couple of problems with this statement, but I just want to focus
> in on the "almost all installations of Linux and other Unix-like operating
> systems" part. From my understanding, it is certainly almost all
> installations of Linux, but the "and other Unix-like operating systems"
> doesn't seem founded. From what I understand, this backdoor would not affect
> any flavour of *BSD, or of illumos for that matter (ex. smartOS), or QNX, or
> Solaris. Just for clarity, does anyone know what "Unix-like operating
> systems" would be affected by this?

I think this might be an issue of how you're parsing the statement. It sounds like you're reading this as the exploit being available on those systems. However, when I read the line, I interpret it as "xz Utils ... [is] available on almost all installations of Linux and other Unix-like operating systems," which is true. That does not necessarily suggest that they're all affected by the vulnerability.

Eric