mox@lemmy.sdf.org to Selfhosted@lemmy.worldEnglish · edit-28 months agoBackdoor in upstream xz/liblzma leading to ssh server compromisewww.openwall.comexternal-linkmessage-square9fedilinkarrow-up1156arrow-down13file-textcross-posted to: opensource@lemmit.onlinetechnologie@jlai.lunetsec@links.hackliberty.orglinux_gaming@lemmit.onlineprogramming@zerobytes.monstercybersecurity@zerobytes.monsternetsec@zerobytes.monsterlinux@zerobytes.monsterlinux@lemmy.world
arrow-up1153arrow-down1external-linkBackdoor in upstream xz/liblzma leading to ssh server compromisewww.openwall.commox@lemmy.sdf.org to Selfhosted@lemmy.worldEnglish · edit-28 months agomessage-square9fedilinkfile-textcross-posted to: opensource@lemmit.onlinetechnologie@jlai.lunetsec@links.hackliberty.orglinux_gaming@lemmit.onlineprogramming@zerobytes.monstercybersecurity@zerobytes.monsternetsec@zerobytes.monsterlinux@zerobytes.monsterlinux@lemmy.world
Related discussion: https://news.ycombinator.com/item?id=39865810 Advisories: CVE-2024-3094 Arch Debian openSUSE Red Hat
minus-squareMoonrise2473@feddit.itlinkfedilinkEnglisharrow-up5·8 months agoWow And for a state sponsored attacker is cheaper to bribe (or threaten to kill, even cheaper) the single developer to add a backdoor than all the research to find a zero day
Wow
And for a state sponsored attacker is cheaper to bribe (or threaten to kill, even cheaper) the single developer to add a backdoor than all the research to find a zero day