WillieMar 29, 2024
Ars Technica

Backdoor found in widely used Linux utility breaks encrypted SSH connections

Malicious code planted in xz Utils has been circulating for more than a month.

https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

Backdoor found in widely used Linux utility targets encrypted SSH connections

Malicious code planted in xz Utils has been circulating for more than a month.

Ars Technica
Mar 29, 2024 at 6:54pmArsBot 🤖
Show threadTheDarcBirdMar 29, 2024
@arstechnica
That will be fixed in 10..9..8..
Show threadSeán FenianMar 29, 2024
@arstechnica Worse, the person who almost certainly backdoored it has been working on the xz project for two years.
Show threadrobertmxMar 29, 2024
@zakalwe
That is seriously bad and probably requires all those persons commits to be reverted :-/.
@arstechnica
Show threadBill ZaumenMar 29, 2024
@arstechnica I just checked an up to date Pop!_OS system and that had an older version of xz not affected by this particular problem. The article I read claimed it had been found in time so that it isn't in production systems. We were lucky.
Show threadRobb Munson Mar 30, 2024
@arstechnica fuuuuuuuuuuuuckkkkkkk....*cracks open laptop I haven't used in a while and updates the fuck out of it*
Show threadJan CigerMar 30, 2024
@Robb_Munson @arstechnica Probably a good idea to do but unless you are using bleeding edge or rolling release distros you are not affected by this. Worse, you may paradoxically pull the vulnerable code in if you do happen to use such distribution ...
Show threadRobb Munson Mar 30, 2024
@janoc200 @arstechnica you're so much of a geek you don't realize jokes exist on the Internet.
Show threadJan CigerMar 30, 2024

@Robb_Munson @arstechnica

I guess I am not enough of a geek to read minds yet.

Sorry mate. That joke fell flat. 🤷‍♂️ Esp. for people who actually have to deal with the fallout of this backdoor.