Lemmy.World

160,691 readers
6,911 users here now

The World's Internet Frontpage Lemmy.World is a general-purpose Lemmy instance of various topics, for the entire world to use.

Be polite and follow the rules βš– https://legal.lemmy.world/tos

Get started

See the Getting Started Guide

Donations πŸ’—

If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.

If you can, please use / switch to Ko-Fi, it has the lowest fees for us

Ko-Fi (Donate)

Bunq (Donate)

Open Collective backers and sponsors

Patreon

Liberapay patrons

Join the team 😎

Check out our team page to join

Questions / Issues

More Lemmy.World

Follow us for server news 🐘

Mastodon Follow

Chat πŸ—¨

Discord

Matrix

Alternative UIs

Monitoring / Stats 🌐

Service Status πŸ”₯

https://status.lemmy.world

Mozilla HTTP Observatory Grade

Lemmy.World is part of the FediHosting Foundation

founded 1 year ago
ADMINS
ruud
MichelleG
jelloeater85
Xylinna
Thekingoflorda
lwadmin
Rooki
AutoMod
kersploosh
MrKaplan
listing: all - local
search
1
9
Backdoor in upstream xz/liblzma leading to SSH server compromise (www.openwall.com)
 
 

publication croisΓ©e depuis : https://lemmy.smeargle.fans/post/139765

HN Discussion

2
14
The xz package (used by SSHD) has been backdoored (www.openwall.com)
 
 

The upstream release tarballs for xz version 5.6.0 and 5.6.1 contain malicious code which adds a backdoor.

ArchLinux and most rolling release distro are affected.

Debian Testing/Sid/Experimental are affected, Debian Stable ISN'T AFFECTED.

Short summary by the ArchLinux team: https://archlinux.org/news/the-xz-package-has-been-backdoored/

Your distro should have a blog post/message to tell you what to do, either update (if they provide an updated version) or downgrade to a known-good version.

Analysis: https://www.openwall.com/lists/oss-security/2024/03/29/4

More Infos: https://archlinux.org/news/the-xz-package-has-been-backdoored/ https://lists.debian.org/debian-security-announce/2024/msg00057.html https://github.com/tukaani-project/xz/issues/92

3
173
Backdoor in upstream xz/liblzma leading to ssh server compromise (www.openwall.com)
submitted 3 months ago* (last edited 3 months ago) by [email protected] to c/selfhosted
9 comments fedilink
 
 

Related discussion:

https://news.ycombinator.com/item?id=39865810

https://news.ycombinator.com/item?id=39877267

Advisories:

CVE-2024-3094
Arch
Debian
openSUSE
Red Hat

4
65
Backdoor in upstream xz/liblzma leading to ssh server compromise (www.openwall.com)
submitted 3 months ago* (last edited 3 months ago) by [email protected] to c/linux
0 comments fedilink
 
 

Related discussion:

https://news.ycombinator.com/item?id=39865810

https://news.ycombinator.com/item?id=39877267

Advisories:

CVE-2024-3094
Arch
Debian
openSUSE
Red Hat

5
10
oss-security - Backdoor in upstream xz/liblzma leading to ssh server compromise (www.openwall.com)
submitted 3 months ago by repostbot33 to c/netsec
0 comments fedilink
6
138
Backdoor in upstream xz/liblzma leading to ssh server compromise (www.openwall.com)
7
6
Subject: backdoor in upstream xz/liblzma leading to ssh server compromise (www.openwall.com)
 
 

Check https://news.ycombinator.com/item?id=39865810 comments as well

8
39
Backdoor in upstream xz/liblzma leading to ssh server compromise (www.openwall.com)
9
25
backdoor in upstream xz/liblzma leading to ssh server compromise (www.openwall.com)
10
487
backdoor in upstream xz/liblzma leading to ssh server compromise (www.openwall.com)
view more: next β€Ί