Atemu@lemmy.ml to Linux@lemmy.ml · 8 months agobackdoor in upstream xz/liblzma leading to ssh server compromisewww.openwall.comexternal-linkmessage-square100fedilinkarrow-up1528arrow-down15cross-posted to: opensource@lemmit.onlinenetsec@links.hackliberty.orgselfhosted@lemmy.worldlinux@lemmy.worldnetsec@lemmy.worldprogramming@programming.devsaugumas@group.ltcybersecurity@sh.itjust.workshackernews@lemmy.smeargle.fanssecurity@lemmy.ml
arrow-up1523arrow-down1external-linkbackdoor in upstream xz/liblzma leading to ssh server compromisewww.openwall.comAtemu@lemmy.ml to Linux@lemmy.ml · 8 months agomessage-square100fedilinkcross-posted to: opensource@lemmit.onlinenetsec@links.hackliberty.orgselfhosted@lemmy.worldlinux@lemmy.worldnetsec@lemmy.worldprogramming@programming.devsaugumas@group.ltcybersecurity@sh.itjust.workshackernews@lemmy.smeargle.fanssecurity@lemmy.ml
minus-squarefriend_of_satan@lemmy.worldlinkfedilinkEnglisharrow-up17arrow-down3·8 months agoThe back door is not in the source code though, so it’s not reproducible from source.
minus-squareStatic_Rocket@lemmy.worldlinkfedilinkEnglisharrow-up12·edit-28 months agoPart of the payload was in the tarball. There was still a malicious shim in the upstream repo
The back door is not in the source code though, so it’s not reproducible from source.
Part of the payload was in the tarball. There was still a malicious shim in the upstream repo