Sysadmin

7490 readers

1 users here now

A community dedicated to the profession of IT Systems Administration

No generic Lemmy issue posts please! Posts about Lemmy belong in one of these communities:
[email protected]
[email protected]
[email protected]
[email protected]

founded 1 year ago

MODERATORS

DarraignTheSane

00Lemming

L3s

121

Backdoor found in widely used Linux utility breaks encrypted SSH connections | Ars Technica (arstechnica.com)

submitted 5 months ago by [email protected] to c/sysadmin

8 comments fedilink hide all child comments

Hopefully this does not affect you but if you are running something like Arch, OpenSUSE tumbleweed, Debian sid or Fedora Rawhide and use SSH for remote access you should do a full wipe.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 3 points 5 months ago (1 children)

That's not correct as far as I can tell. The backdoored code ended up in release tarballs (but not source tarballs because of autoconf fuckery), see eg. this mailing list discussion.

[–] SMillerNL 2 points 5 months ago

Ah, you’re right. I wasn’t aware they had release tars on GitHub as well