Gorb [they/them]@hexbear.net to technology@hexbear.netEnglish · edit-27 months agoliblzma and xz version 5.6.0 and 5.6.1 are vulnerable to arbitrary code execution compromise via sshd and systemdxeiaso.netexternal-linkmessage-square3fedilinkarrow-up125arrow-down10
arrow-up125arrow-down1external-linkliblzma and xz version 5.6.0 and 5.6.1 are vulnerable to arbitrary code execution compromise via sshd and systemdxeiaso.netGorb [they/them]@hexbear.net to technology@hexbear.netEnglish · edit-27 months agomessage-square3fedilink
minus-squaretrompete [he/him]@hexbear.netlinkfedilinkEnglisharrow-up5·7 months agoPerhaps worth mentioning: Some unknown person added malware to their tarball releases, specifically to backdoor ssh, which on most Linux distros was patched to load some systemd library, which in turn loads liblzma.
Perhaps worth mentioning: Some unknown person added malware to their tarball releases, specifically to backdoor ssh, which on most Linux distros was patched to load some systemd library, which in turn loads liblzma.