Subj : A backdoor in xz
To   : All
From : LWN.net
Date : Fri Mar 29 2024 17:45:05

A backdoor in xz

Date:
Fri, 29 Mar 2024 17:33:57 +0000

Description:
Andres Freund has posted a
detailed investigation into a backdoor that was shipped with versions
5.6.0 and 5.6.1 of the xz compression utility.  It appears that the
malicious code may be aimed at allowing SSH authentication to be bypassed. I 
have not yet analyzed precisely what is being checked for in the
	injected code, to allow unauthorized access. Since this is running
	in a pre-authentication context, it seems likely to allow some form
	of access or other form of remote code execution. The affected 
versions are not yet widely shipped, but checking systems for
the bad version would be a good idea.

======================================================================
Link to news story:
https://lwn.net/Articles/967180/


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)

.