lemmy.sdf.org

1

12

The xz package (used by SSHD) has been backdoored (www.openwall.com)

submitted 1 year ago by c0mmando@links.hackliberty.org to c/netsec@links.hackliberty.org

0 comments fedilink

The upstream release tarballs for xz version 5.6.0 and 5.6.1 contain malicious code which adds a backdoor.

ArchLinux and most rolling release distro are affected.

Debian Testing/Sid/Experimental are affected, Debian Stable ISN'T AFFECTED.

Short summary by the ArchLinux team: https://archlinux.org/news/the-xz-package-has-been-backdoored/

Your distro should have a blog post/message to tell you what to do, either update (if they provide an updated version) or downgrade to a known-good version.

Analysis: https://www.openwall.com/lists/oss-security/2024/03/29/4

More Infos: https://archlinux.org/news/the-xz-package-has-been-backdoored/ https://lists.debian.org/debian-security-announce/2024/msg00057.html https://github.com/tukaani-project/xz/issues/92

2

176

Backdoor in upstream xz/liblzma leading to ssh server compromise (www.openwall.com)

submitted 1 year ago* (last edited 1 year ago) by mox to c/selfhosted@lemmy.world

9 comments fedilink

Related discussion:

https://news.ycombinator.com/item?id=39865810

https://news.ycombinator.com/item?id=39877267

Advisories:

CVE-2024-3094
Arch
Debian
openSUSE
Red Hat

3

65

Backdoor in upstream xz/liblzma leading to ssh server compromise (www.openwall.com)

submitted 1 year ago* (last edited 1 year ago) by mox to c/linux@lemmy.world

0 comments fedilink

Related discussion:

https://news.ycombinator.com/item?id=39865810

https://news.ycombinator.com/item?id=39877267

Advisories:

CVE-2024-3094
Arch
Debian
openSUSE
Red Hat

4

10

oss-security - Backdoor in upstream xz/liblzma leading to ssh server compromise (www.openwall.com)

submitted 1 year ago by repostbot33@lemmy.world to c/netsec@lemmy.world

0 comments fedilink

5

144

Backdoor in upstream xz/liblzma leading to ssh server compromise (www.openwall.com)

submitted 1 year ago by e0qdk@reddthat.com to c/programming@programming.dev

11 comments fedilink

6

40

Backdoor in upstream xz/liblzma leading to ssh server compromise (www.openwall.com)

submitted 1 year ago by thomask to c/cybersecurity@sh.itjust.works

2 comments fedilink

7

3

Backdoor in upstream xz/liblzma leading to SSH server compromise (www.openwall.com)

submitted 1 year ago by bot@lemmy.smeargle.fans to c/hackernews@lemmy.smeargle.fans

0 comments fedilink

HN Discussion

8

27

backdoor in upstream xz/liblzma leading to ssh server compromise (www.openwall.com)

submitted 1 year ago by Atemu@lemmy.ml to c/security@lemmy.ml

0 comments fedilink

9

523

backdoor in upstream xz/liblzma leading to ssh server compromise (www.openwall.com)

submitted 1 year ago by Atemu@lemmy.ml to c/linux@lemmy.ml

99 comments fedilink

SDF Chatter