| From: | Thomas Munro <thomas(dot)munro(at)gmail(dot)com> |
|---|---|
| To: | Bruce Momjian <bruce(at)momjian(dot)us> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Security lessons from liblzma |
| Date: | 2024-03-29 22:48:35 |
| Message-ID: | CA+hUKGK4ZewHeVtnbBc_pbZRHZa6GyO=UpJ5XDmomA9Lf0xpkA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sat, Mar 30, 2024 at 11:37 AM Bruce Momjian <bruce(at)momjian(dot)us> wrote:
> You might have seen reports today about a very complex exploit added to
> recent versions of liblzma. Fortunately, it was only enabled two months
> ago and has not been pushed to most stable operating systems like Debian
> and Ubuntu. The original detection report is:
>
> https://www.openwall.com/lists/oss-security/2024/03/29/4
Incredible work from Andres. The attackers made a serious strategic
mistake: they made PostgreSQL slightly slower.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2024-03-29 22:59:53 | Re: Security lessons from liblzma |
| Previous Message | Bruce Momjian | 2024-03-29 22:37:24 | Security lessons from liblzma |