Atemu@lemmy.ml to Linux@lemmy.ml · 8 months agobackdoor in upstream xz/liblzma leading to ssh server compromisewww.openwall.comexternal-linkmessage-square99fedilinkarrow-up1504arrow-down15cross-posted to: selfhosted@lemmy.worldprogramming@programming.devcybersecurity@sh.itjust.works
arrow-up1499arrow-down1external-linkbackdoor in upstream xz/liblzma leading to ssh server compromisewww.openwall.comAtemu@lemmy.ml to Linux@lemmy.ml · 8 months agomessage-square99fedilinkcross-posted to: selfhosted@lemmy.worldprogramming@programming.devcybersecurity@sh.itjust.works
minus-squarefriend_of_satan@lemmy.worldlinkfedilinkEnglisharrow-up17arrow-down3·8 months agoThe back door is not in the source code though, so it’s not reproducible from source.
minus-squareStatic_Rocket@lemmy.worldlinkfedilinkEnglisharrow-up12·edit-28 months agoPart of the payload was in the tarball. There was still a malicious shim in the upstream repo
The back door is not in the source code though, so it’s not reproducible from source.
Part of the payload was in the tarball. There was still a malicious shim in the upstream repo