OSNews on Nostr: Backdoor in upstream xz/liblzma leading to SSH server compromise After observing a ...
Published at
2024-03-29 20:57:08Event JSON
{
"id": "e70fdfbb91c1015f353165c86623e73864669504d6bdd94a94727ae7b6f97a8f",
"pubkey": "c2115c9b5302392092cdcda8bad3cee5368f0ce09a01737c8b39b011f453836f",
"created_at": 1711745828,
"kind": 1,
"tags": [
[
"t",
"PrivacySecurity"
],
[
"proxy",
"https://mstdn.social/users/osnews/statuses/112180974647457090",
"activitypub"
]
],
"content": "Backdoor in upstream xz/liblzma leading to SSH server compromise\n\nAfter observing a few odd symptoms around liblzma (part of the xz package) on Debian sid installations over the last weeks (logins with ssh taking a lot of CPU, valgrind errors) I figured out the answer:\n\nThe upstream xz repository and the xz tarballs have been backdoored.\n\nAt first I thought thi\n\nhttps://www.osnews.com/story/139064/backdoor-in-upstream-xz-liblzma-leading-to-ssh-server-compromise/\n\n#PrivacySecurity",
"sig": "ff3777480d3d845b680f8e5fec1d8e26fa52d34823d5f926a1b31332cff743766f0cf153f379812f9edd0881b72914105a44bd615153d8219afcd6470aa9bedd"
}