mox@lemmy.sdf.org to Selfhosted@lemmy.worldEnglish · edit-28 months agoBackdoor in upstream xz/liblzma leading to ssh server compromisewww.openwall.comexternal-linkmessage-square9fedilinkarrow-up1156arrow-down13file-textcross-posted to: opensource@lemmit.onlinetechnologie@jlai.lunetsec@links.hackliberty.orglinux_gaming@lemmit.onlineprogramming@zerobytes.monstercybersecurity@zerobytes.monsternetsec@zerobytes.monsterlinux@zerobytes.monsterlinux@lemmy.world
arrow-up1153arrow-down1external-linkBackdoor in upstream xz/liblzma leading to ssh server compromisewww.openwall.commox@lemmy.sdf.org to Selfhosted@lemmy.worldEnglish · edit-28 months agomessage-square9fedilinkfile-textcross-posted to: opensource@lemmit.onlinetechnologie@jlai.lunetsec@links.hackliberty.orglinux_gaming@lemmit.onlineprogramming@zerobytes.monstercybersecurity@zerobytes.monsternetsec@zerobytes.monsterlinux@zerobytes.monsterlinux@lemmy.world
Related discussion: https://news.ycombinator.com/item?id=39865810 Advisories: CVE-2024-3094 Arch Debian openSUSE Red Hat
minus-squarevext01@lemmy.sdf.orglinkfedilinkEnglisharrow-up7·8 months agoIn case, like me, you were wondering what this has to do with ssh: openssh does not directly use liblzma. However debian and several other distributions patch openssh to support systemd notification, and libsystemd does depend on lzma.
In case, like me, you were wondering what this has to do with ssh: