Atemu@lemmy.ml to Linux@lemmy.ml · 6 months agobackdoor in upstream xz/liblzma leading to ssh server compromisewww.openwall.comexternal-linkmessage-square30fedilinkarrow-up132arrow-down10cross-posted to: selfhosted@lemmy.world
arrow-up132arrow-down1external-linkbackdoor in upstream xz/liblzma leading to ssh server compromisewww.openwall.comAtemu@lemmy.ml to Linux@lemmy.ml · 6 months agomessage-square30fedilinkcross-posted to: selfhosted@lemmy.world
minus-squarecapt_kafei@lemmy.calinkfedilinkEnglisharrow-up2·6 months agoDamn, it is actually scary that they managed to pull this off. The backdoor came from the second-largest contributor to xz too, not some random drive-by.
minus-squareAmbiguousProps@lemmy.todaylinkfedilinkEnglisharrow-up3·6 months agoThey’ve been contributing to xz for two years, and commited various “test” binary files.
minus-squareAlex@lemmy.mllinkfedilinkarrow-up2·6 months agoIt’s looking more like a long game to compromise an upstream.
minus-squarecjk@feddit.delinkfedilinkarrow-up1·6 months agoEither that or the attacker was very good at choosing their puppet…
Damn, it is actually scary that they managed to pull this off. The backdoor came from the second-largest contributor to xz too, not some random drive-by.
They’ve been contributing to xz for two years, and commited various “test” binary files.
It’s looking more like a long game to compromise an upstream.
Either that or the attacker was very good at choosing their puppet…