Mastodon Feed
Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):
Aissen@treehouse.systems ("Anisse") wrote:
Wow, that's very scary. It seems like a regular contributor (for 2 years) to an open source project (xz/liblzma) has planted exploit code that has heavy repercussion on ssh security. When the issue was caught by valgrind, the attacker fixed it, and then updated the exploit code ("test files") to keep it working.
Luckily it seems to have been caught early (before widespread distro integration). You can use @vegard 's script to analyze if your system is compromised.
https://mastodon.social/users/vegard/statuses/112179869758119960