HardenedBSD Unaffected By CVE-2024-3094 (Backdoor in xz/lzma 5.6.0/5.6.1)

A backdoor targeting amd64 linux glibc based systems was recently found in the xz project. The versions of xz impacted are 5.6.0 and 5.6.1.

Neither FreeBSD nor HardenedBSD are directly affected by this issue. However, I suspect that those running an amd64 linux glibc jail on FreeBSD (or HardenedBSD) have the potential to be affected.

Note that the linux.ko and linux64.ko kernel modules are tagged as insecure/untrustworthy by default in HardenedBSD. Those wishing to deploy a Linux environment on HardenedBSD must explicitly enable the Linux syscall translation kernel modules (linux.ko and linux64.ko).