SSH Compromised via Backdoor in liblzma


Date: Fri, 29 Mar 2024 08:51:26 -0700
From: Andres Freund <andres@...razel.de>
To: oss-security@...ts.openwall.com
Subject: backdoor in upstream xz/liblzma leading to ssh server compromise

Hi,

After observing a few odd symptoms around liblzma (part of the xz package) on Debian sid installations over the last weeks (logins with ssh taking a lot of CPU, valgrind errors) I figured out the answer:

The upstream xz repository and the xz tarballs have been backdoored.

At first I thought this was a compromise of Debian's package, but it turns out to be upstream.
