FLOX AdvocateUpdate on xz-utils to sshd exploit
https://www.openwall.com/lists/oss-security/2024/03/30/36
Thanks to everyone who is working to investigate and mitigate this exploit!
xz tool chain compromise in February compromising versions 5.6.0 and 5.6.1
"inject malicious code, at build time, into the resulting liblzma5 library"
"resulting malicious build interferes with authentication in sshd via systemd"
https://lists.debian.org/debian-security-announce/2024/msg00057.html
https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users