Unveiling the xz Utils Backdoor which deliberately opens our SSH connections for RCAs
https://lemdro.id/post/7519386
=> More informations about this toot | More toots from mfat@lemdro.id
So if I have been using Arch with the infected xz library to connect to a Debian LTS server, am I compromised?
=> More informations about this toot | More toots from youngGoku@lemmy.world
From what I’ve read, both Arch and Debian stable aren’t vulnerable to this. It targeted mostly debian-testing.
=> More informations about this toot | More toots from TwiddleTwaddle@lemmy.blahaj.zone
As I heard it - the (naughty) build tooling looked for rpm and deb, and bailed out if they were absent.
=> More informations about this toot | More toots from rotopenguin@infosec.pub
Arch stable had it apparently, but that's not the commonly used version of Arch.
=> More informations about this toot | More toots from mosiacmango@lemm.ee
Arch put out a statement saying users should update to a non-infected binary even though it doesn’t appear to affect Arch: archlinux.org/…/the-xz-package-has-been-backdoore…
However, out of an abundance of caution, we advise users to remove the malicious code from their system by upgrading either way. This is because other yet-to-be discovered methods to exploit the backdoor could exist.
=> More informations about this toot | More toots from Irate1013@lemmy.ml