backdoor in upstream xz/liblzma leading to ssh server compromise (www.openwall.com)
Atemu@lemmy.ml to Linux@lemmy.ml · 8 months ago
Static_Rocket@lemmy.world · 8 months ago (edited)
Arch had a patch rolled out yesterday [1][2][3] that switches to the git repo. On top of that the logic in the runtime shim and build script modifier was orchestrated to target Debian and RPM build systems and environments [4].
[1] https://gitlab.archlinux.org/archlinux/packaging/packages/xz/-/commit/881385757abdc39d3cfea1c3e34ec09f637424ad
[2] https://gitlab.archlinux.org/archlinux/packaging/packages/xz/-/issues/2
[3] https://security.archlinux.org/CVE-2024-3094
[4] https://www.openwall.com/lists/oss-security/2024/03/29/4