mox@lemmy.sdf.org to Selfhosted@lemmy.worldEnglish · edit-22 years agoBackdoor in upstream xz/liblzma leading to ssh server compromisewww.openwall.comexternal-linkmessage-square30fedilinkarrow-up1176arrow-down13file-text
arrow-up1173arrow-down1external-linkBackdoor in upstream xz/liblzma leading to ssh server compromisewww.openwall.commox@lemmy.sdf.org to Selfhosted@lemmy.worldEnglish · edit-22 years agomessage-square30fedilinkfile-text
Related discussion: https://news.ycombinator.com/item?id=39865810 https://news.ycombinator.com/item?id=39877267 Advisories: CVE-2024-3094 Arch Debian openSUSE Red Hat
minus-squarevext01@lemmy.sdf.orglinkfedilinkEnglisharrow-up9·2 years agoIn case, like me, you were wondering what this has to do with ssh: openssh does not directly use liblzma. However debian and several other distributions patch openssh to support systemd notification, and libsystemd does depend on lzma.
In case, like me, you were wondering what this has to do with ssh: