2024-03-29 17:54:41

Gaelan Steele on Nostr: holy fuck: tl;dr: libxz backdoored by its maintainer; the malicious libxz detects if ...

holy fuck: https://www.openwall.com/lists/oss-security/2024/03/29/4

tl;dr: libxz backdoored by its maintainer; the malicious libxz detects if it's been linked into opensshd (which doesn't actually use libxz, but many distros patch it to use libsystemd, and libsystemd uses libxz) and, if so, does something (as yet unclear exactly what) to opensshd's RSA_public_decrypt()

appears to target Debian and Fedora, and didn't make it into stable versions of either, so you're probably fine unless you're running Fedora 41/rawhide or Debian testing
Author Public Key
npub1frq62vj4qv2w3sn5vr4r2hgl6aa4nn0w5j438fsc35dt07fqyegqv0tq3l