Re: Security lessons from liblzma - Mailing list pgsql-hackers

From Thomas Munro
Subject Re: Security lessons from liblzma
Date
Msg-id CA+hUKGK4ZewHeVtnbBc_pbZRHZa6GyO=UpJ5XDmomA9Lf0xpkA@mail.gmail.com
In response to [MASSMAIL]Security lessons from liblzma  (Bruce Momjian <bruce@momjian.us>)
List pgsql-hackers
On Sat, Mar 30, 2024 at 11:37 AM Bruce Momjian <bruce@momjian.us> wrote:
> You might have seen reports today about a very complex exploit added to
> recent versions of liblzma.  Fortunately, it was only enabled two months
> ago and has not been pushed to most stable operating systems like Debian
> and Ubuntu.  The original detection report is:
>
>         https://www.openwall.com/lists/oss-security/2024/03/29/4

Incredible work from Andres.  The attackers made a serious strategic
mistake: they made PostgreSQL slightly slower.


