Inferencium/website
1
0
Fork 0
Code Issues Activity

Update webpage "News" from version "1.1.0" to "1.2.0"

Browse Source
This commit is contained in:
inference 2024-04-01 20:56:49 +00:00
parent 6beba08b9c
commit 526efa9d52
Signed by: inference
SSH Key Fingerprint: SHA256:K/a677+eHm7chi3X4s77BIpLTE9Vge1tsv+jUL5gI+Y
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
news.xhtml
View File

@ -1,7 +1,7 @@
<!DOCTYPE html>
<!-- Inferencium - Website - News -->
<!-- Version: 1.1.0 -->
<!-- Version: 1.2.0 -->
<!-- Copyright 2024 Jake Winters -->
<!-- SPDX-License-Identifier: BSD-3-Clause -->
@ -48,7 +48,9 @@
<h2><a href="#2024-04-01">2024-04-01</a></h2>
<article id="key-ssh-update-20240401">
<h3><a href="#key-ssh-update-20240401">SSH Key Update</a></h3>
<p>On 2024-03-29, a backdoor was discovered in the
<p>On 2024-03-29, a
<a href="https://www.openwall.com/lists/oss-security/2024/03/29/4">backdoor was publicly disclosed</a>
in the
<a href="https://git.tukaani.org/?p=xz.git">xz-utils</a>
software. Inferencium systems <strong><em>did</em></strong> have the affected versions of
this software installed, and the tools were used. The software has since been downgraded to
@ -71,10 +73,11 @@
<p>The <em>only</em> criteria met by Inferencium systems is amd64 as the system
architecture; this is not enough for the backdoor to be effective. Even if all criteria
other than running glibc were met, Inferencium systems would still be unaffected by this
attack due to musl not supporting the required <code>IFUNC</code> functionality.</p>
attack due to musl not supporting the required <code>IFUNC</code> functionality which
the backdoor seems heavily dependent on.</p>
<p><strong>Despite the evidence, it is unknown exactly what this malicious code does and is
capable of in entirety. As a precautionary measure, I have generated a new SSH key and
classifed the previous key as compromised. You can find my new key on the
classified the previous key as compromised. You can find my new key on the
<a href="key.xhtml#ssh-current-2">Key webpage</a>.</strong></p>
<p>There is no evidence that my previous key was compromised, so this is entirely a
precautionary measure. All files and Git commits, tags, and releases signed with the