Backdoor in upstream xz/liblzma leading to ssh server compromise - tor-relays - lists.torproject.org

List overview All Threads
Download

Backdoor in upstream xz/liblzma leading to ssh server compromise

User advisory to check for...

Tor relay operator research

hello＠relaymagic.org

30 Mar 2024 30 Mar '24

12:02 a.m.

Just wanted to bring this to everyone’s attention if you hadn’t seen it already. Developer discovered a backdoor in xz-utils https://www.openwall.com/lists/oss-security/2024/03/29/4

-- Sent from Canary (https://canarymail.io)

Attachments:

attachment.html (text/html — 932 bytes)

Reply

Show replies by date

lists＠for-privacy.net

2 Apr 2 Apr

10:41 a.m.

On Samstag, 30. März 2024 01:02:54 CEST hello@relaymagic.org via tor-relays wrote:

Just wanted to bring this to everyone’s attention if you hadn’t seen it already. Developer discovered a backdoor in xz-utils https://www.openwall.com/lists/oss-security/2024/03/29/4

Pretty unlikely that anyone uses testing or sid for productive servers.

-- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom!

Reply

235

Age (days ago)

238

Last active (days ago)

tor-relays@lists.torproject.org

1 comments

2 participants

tags (0)

participants (2)

hello＠relaymagic.org
lists＠for-privacy.net