xz package is severely affected with injected code in some linux distributions. - Printable Version +- PINE64 (https://forum.pine64.org) +-- Forum: General (https://forum.pine64.org/forumdisplay.php?fid=1) +--- Forum: General (https://forum.pine64.org/forumdisplay.php?fid=74) +--- Thread: xz package is severely affected with injected code in some linux distributions. (/showthread.php?tid=19163)

xz package is severely affected with injected code in some linux distributions. - zetabeta - 03-29-2024 xz package is severely affected with injected code in some linux distributions. xz library in this case can infect sshd, ssh server. we probably know details later, but ssh server is compromised somehow. and it is not known how this vulnerability is used in the wild. upgrade or downgrade depending on a distribution asap. https://lists.debian.org/debian-security-announce/2024/msg00057.html https://www.openwall.com/lists/oss-security/2024/03/29/4 https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users https://infosec.exchange/@kalilinux/112180505434870941