Atemu@lemmy.ml to Linux@lemmy.ml · 9 months agobackdoor in upstream xz/liblzma leading to ssh server compromisewww.openwall.comexternal-linkmessage-square23fedilinkarrow-up11arrow-down10cross-posted to: netsec@lemmy.worldprogramming@programming.devsecurity@lemmy.ml
arrow-up11arrow-down1external-linkbackdoor in upstream xz/liblzma leading to ssh server compromisewww.openwall.comAtemu@lemmy.ml to Linux@lemmy.ml · 9 months agomessage-square23fedilinkcross-posted to: netsec@lemmy.worldprogramming@programming.devsecurity@lemmy.ml
minus-squareSavvyBeardedFish@reddthat.comlinkfedilinkEnglisharrow-up0·9 months agoArchlinux’s XZ was compromised as well. News post Git change for not using tarballs from source
minus-squareprogandy@feddit.delinkfedilinkarrow-up0·edit-29 months agoI think that was a precaution. The malicious build script ran during the build, but the backdoor itself was most likely not included in the resuling package as it checked for specific packaging systems. https://www.openwall.com/lists/oss-security/2024/03/29/22
Archlinux’s XZ was compromised as well.
News post
Git change for not using tarballs from source
I think that was a precaution. The malicious build script ran during the build, but the backdoor itself was most likely not included in the resuling package as it checked for specific packaging systems.
https://www.openwall.com/lists/oss-security/2024/03/29/22