03-29-2024, 02:57 PM
The xz package is severely affected by injected code in some Linux distributions.
The xz library in this case can infect sshd, the SSH server. We will probably know details later, but the SSH server is compromised somehow, and it is not known how this vulnerability is used in the wild.
Upgrade or downgrade, depending on the distribution, ASAP.
https://lists.debian.org/debian-security...00057.html
https://www.openwall.com/lists/oss-secur...24/03/29/4
https://www.redhat.com/en/blog/urgent-se...hide-users
https://infosec.exchange/@kalilinux/112180505434870941