Backdoor in upstream xz/liblzma leading to ssh server compromise - tor-relays - lists.torproject.org

newer
User advisory to check for...

Backdoor in upstream xz/liblzma leading to ssh server compromise

older
Tor relay operator research

hello＠relaymagic.org

30 Mar 2024 30 Mar '24

12:02 a.m.

Just wanted to bring this to everyone’s attention if you hadn’t seen it already. Developer discovered a backdoor in xz-utils https://www.openwall.com/lists/oss-security/2024/03/29/4 -- Sent from Canary (https://canarymail.io)

Attachments:

attachment.html (text/html — 932 bytes)

Reply

Sign in to reply online Use email software

Show replies by date

lists＠for-privacy.net

2 Apr 2 Apr

10:41 a.m.

On Samstag, 30. März 2024 01:02:54 CEST hello@relaymagic.org via tor-relays wrote:

Just wanted to bring this to everyone’s attention if you hadn’t seen it already. Developer discovered a backdoor in xz-utils https://www.openwall.com/lists/oss-security/2024/03/29/4

Pretty unlikely that anyone uses testing or sid for productive servers. -- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom!

Reply

Sign in to reply online Use email software

425

Age (days ago)

428

Last active (days ago)

Download

1 comments

2 participants

tags

participants (2)

hello＠relaymagic.org
lists＠for-privacy.net