https://boehs.org/node/everything-i-know-about-the-xz-backdoor
Further investigations concerning #libzma !
@howtophil it is and should be a wake-up call for the open source community. It's all based on trust.
@howtophil it has nothing to do with stable or unstable builds (builds of what exactly?). It was a stable release of xz. There are rolling-release distributions and packaging systems that would have just pulled it in. And that's exactly what happened.
And which system do you mean? Nobody maintaining the package for Debian, Fedora, Kali, openSUSE found it. It was a random guy from Microsoft that randomly discovered it - not the "system".
#xz #libzma #backdoor #security #cve #CVE20243094
A Backdoor in XZ Utils was found!
To know if you are affected, run:
xz -V in your terminal
If, like me, you have XZ 5.6.0 or XZ 5.6.1, downgrade XZ Utils to an earlier version, such as 5.4.6 (Stable), or disable ssh.
Malicious backdoor found in ssh libraries https://www.youtube.com/watch?v=jqjtNDtbDNI
Are You Affected by the Backdoor in XZ Utils?
https://www.darkreading.com/vulnerabilities-threats/are-you-affected-by-the-backdoor-in-xz-utils
https://openwall.com/lists/oss-security/2024/03/29/4
https://archlinux.org/news/the-xz-package-has-been-backdoored/
#leak #backdoor #ssh #Internet #xz #linux #rsa #libzma #openssh #ssh
xz or not xz, that's the question?
ugly, mode: burn everything down
"Backdoor found in xz liblzma specifically targets the RSA implementation of OpenSSH. Story still developing."
#leak #backdoor #ssh #Internet #xz #linux #rsa #libzma #openssh #CVE20243094 #sicherheitslücke
https://www.youtube.com/watch?v=jqjtNDtbDNI
https://openwall.com/lists/oss-security/2024/03/29/4
https://archlinux.org/news/the-xz-package-has-been-backdoored/
https://sc.tarnkappe.info/d941c4