xz package is severely affected with injected code in some linux distributions.

xz package is severely affected with injected code in some linux distributions.

zetabeta
Pine Scholar

Joined: Jul 2020

Posts: 463

Reputation: 45

03-29-2024, 02:57 PM

xz package is severely affected with injected code in some linux distributions.

xz library in this case can infect sshd, ssh server. we probably know details later, but ssh server is compromised somehow. and it is not known how this vulnerability is used in the wild.

upgrade or downgrade depending on a distribution asap.

https://lists.debian.org/debian-security...00057.html

https://www.openwall.com/lists/oss-secur...24/03/29/4

https://www.redhat.com/en/blog/urgent-se...hide-users

https://infosec.exchange/@kalilinux/112180505434870941

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	Is the Linux mobile phone still developing?	CleanEnvironment	5	1,110	08-07-2024, 06:25 PM Last Post: KC9UDX
	Has anyone successfully flashed an Ox64 (128Mb) from linux?	slondr	3	2,901	02-12-2024, 12:50 AM Last Post: Pavlos1
	[Article] Ox64 BL808 RISC-V SBC: Booting Linux and (maybe) Apache NuttX RTOS	lupyuen	2	1,422	11-04-2023, 08:41 PM Last Post: lupyuen
	Possible new Pine64 product - Pine Blue Ray DVD Linux tv box	Omnios	5	2,392	07-24-2023, 03:21 PM Last Post: Omnios
	[Article] Booting RISC-V Linux on Star64 JH7110 SBC	lupyuen	3	2,183	07-05-2023, 02:04 AM Last Post: balbes150
	[Article] Inspecting the RISC-V Linux Images for Star64 SBC	lupyuen	3	2,122	06-29-2023, 05:09 AM Last Post: balbes150
	Concerns about Linux future	Chief	15	8,681	01-20-2023, 05:23 AM Last Post: thaleszop
	Online Linux Terminals	palak231	1	1,305	09-13-2022, 01:50 PM Last Post: anonymous
	Linux desktop on a Snapdragon 870 phone.	Vasant	0	1,612	06-23-2022, 12:40 PM Last Post: Vasant
	Linux support for RK3588	adiboc	0	3,785	02-10-2022, 01:16 PM Last Post: adiboc

Forum Jump:

Users browsing this thread: 1 Guest(s)

About Us