Backdoor found in widely used Linux utility breaks encrypted SSH connections

⁨63⁩ ⁨likes⁩

Submitted ⁨⁨7⁩ ⁨months⁩ ago⁩ by ⁨BrikoX@lemmy.zip⁩ to ⁨technology@lemmy.zip⁩

https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/

Malicious code planted in xz Utils has been circulating for more than a month.

Comments

Sort:hotnew top

bleistift2@feddit.de ⁨7⁩ ⁨months⁩ ago

In some cases, the backdoor has been unable to work as intended. The build environment on Fedora 40, for example, contains incompatibilities that prevent the injection from correctly occurring.

It’s really funny that it’s package incompatibilites that saved us.

source
- atkion@sh.itjust.works ⁨7⁩ ⁨months⁩ ago
  Image
  
  source
  - bleistift2@feddit.de ⁨7⁩ ⁨months⁩ ago
    That’s it! Thank you!
    
    source
- themoonisacheese@sh.itjust.works ⁨7⁩ ⁨months⁩ ago
  You know how “the most stable ABI on Linux is win32”? I wonder if there are already win32 viruses targeted at linux, shipped in cracked games for example.
  
  source
RxBrad@lemmy.today ⁨7⁩ ⁨months⁩ ago
[deleted]
source
- BrikoX@lemmy.zip ⁨7⁩ ⁨months⁩ ago
  That was an interesting rabbit hole to delve into, thanks.
  
  source
nothx@hexbear.net ⁨7⁩ ⁨months⁩ ago
Gotta love debian stable.

source