xz compression library v 5.60 & 5.61 have been backdoored - SSH compromised

For discussions about security.
Post Reply
dogcat
Posts: 199
Joined: Fri Feb 18, 2022 11:14 pm
Has thanked: 32 times
Been thanked: 80 times

xz compression library v 5.60 & 5.61 have been backdoored - SSH compromised

Post by dogcat »

https://archlinux.org/news/the-xz-packa ... ackdoored/

(5.60 was released 24 Feb, 2024)

μακάριοι οἱ δεδιωγμένοι ἕνεκεν δικαιοσύνης, ὅτι αὐτῶν ἐστιν ἡ βασιλεία τῶν οὐρανῶν.

Top
User avatar
rockedge
Site Admin
Posts: 5711
Joined: Mon Dec 02, 2019 1:38 am
Location: Connecticut,U.S.A.
Has thanked: 1990 times
Been thanked: 2097 times
Contact:
Contact rockedge

Re: xz compression library v 5.60 & 5.61 have been backdoored

Post by rockedge »

Void Linux has removed it upstream and replaced with 5,4 today!

Top
geo_c
Posts: 2501
Joined: Fri Jul 31, 2020 3:37 am
Has thanked: 1799 times
Been thanked: 705 times

Re: xz compression library v 5.60 & 5.61 have been backdoored

Post by geo_c »

rockedge wrote: Sat Mar 30, 2024 12:16 am

Void Linux has removed it upstream and replaced with 5,4 today!

Wow, so does this run only if a compression command is used? I guess I should do a system update.

geo_c
Old School Hipster, and Such

Top
geo_c
Posts: 2501
Joined: Fri Jul 31, 2020 3:37 am
Has thanked: 1799 times
Been thanked: 705 times

Re: xz compression library v 5.60 & 5.61 have been backdoored

Post by geo_c »

Here's some info on it: https://arstechnica.com/security/2024/0 ... nnections/

geo_c
Old School Hipster, and Such

Top
Post Reply

Return to “Security”