eb , 3 months ago Unfolding now: https://news.ycombinator.com/item?id=39865810 https://www.openwall.com/lists/oss-security/2024/03/29/4 https://github.com/tukaani-project/xz/commit/cf44e4b7f5dfdbf8c78aef377c10f71e274f63c0 An incredibly technically complex #backdoor in xz (potentially also in libarchive and elsewhere) was just discovered. This backdoor has been quietly implemented over years, with the assistance of a wide array of subtly interconnected accounts: https://github.com/tukaani-project/xz/commit/ee44863ae88e377a5df10db007ba9bfadde3d314 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067708 https://github.com/jamespfennell/xz/pull/2 The timeline on this is going to take so long to unravel #security #linux
Unfolding now: https://news.ycombinator.com/item?id=39865810
An incredibly technically complex #backdoor in xz (potentially also in libarchive and elsewhere) was just discovered. This backdoor has been quietly implemented over years, with the assistance of a wide array of subtly interconnected accounts:
The timeline on this is going to take so long to unravel
#security #linux
