
Backdoor found in OpenSSH

valued-customer

Published: 30 Mar 2024 › Updated: 30 Mar 2024


Just a quick heads up for folks that like to stay aware of these things.

https://www.openwall.com/lists/oss-security/2024/03/29/4

The discussion there explains the situation well, including why you're likely not at risk (the code wasn't widely in use yet).

"Luckily xz 5.6.0 and 5.6.1 have not yet widely been integrated by linux
distributions, and where they have, mostly in pre-release versions."

So, if you can benefit from reading a thorough discussion of Linux code in upstream tarballs, and have considered running - or have run - some pre-release Debian lately, you should have a looksee so you know who to craft a voodoo doll of and torment with pins under their fingernails, or at least which code not to run.
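A quick way to check a box against the two releases named in the quote above, as an added example that is not from the original post or the linked advisory. The function names are hypothetical, the Debian package name `liblzma5` and the `liblzma` line of `xz --version` are assumptions about the local system, and the script handles Debian's "+really" version convention, where the package contents are the older version written after that marker.

```shell
#!/bin/sh
# Added example: flag the xz/liblzma releases named in the quote (5.6.0, 5.6.1).

# Reduce a tool or package version string to the upstream x.y.z it ships.
upstream_version() {
    v=$1
    v=${v#*:}                           # drop a Debian epoch such as "1:"
    case $v in
        *+really*) v=${v##*+really} ;;  # "+really": real contents follow the marker
    esac
    # Keep only the leading dotted number; drops suffixes such as "-0.2".
    printf '%s\n' "$v" | sed -n 's/^\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p'
}

# Print "affected", "not-listed" (not one of the two named releases) or "unknown".
classify_xz() {
    up=$(upstream_version "$1")
    case $up in
        5.6.0|5.6.1) echo affected ;;
        '')          echo unknown ;;
        *)           echo not-listed ;;
    esac
}

# Version of the liblzma that the xz binary reports it is linked against.
liblzma_from_xz() {
    command -v xz >/dev/null 2>&1 || return 1
    xz --version 2>/dev/null | sed -n 's/^liblzma //p'
}

# Version of the installed Debian/Ubuntu library package (assumed name: liblzma5).
liblzma_from_dpkg() {
    command -v dpkg-query >/dev/null 2>&1 || return 1
    dpkg-query -W -f='${Version}' liblzma5 2>/dev/null
}

# Report what each probe finds; a missing tool or package reads as "unknown".
for probe in liblzma_from_xz liblzma_from_dpkg; do
    found=$($probe) || found=
    echo "$probe: ${found:-not found} -> $(classify_xz "$found")"
done
```

"not-listed" only means the version is not one of the two the quote names; it says nothing about other issues.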

I'm really happy Linux is open source, and good honest people forthrightly discuss it.

Just think if the CIA was open source, and anyone good or honest was involved, how much a better place the world would be.


Edit: https://boehs.org/node/everything-i-know-about-the-xz-backdoor

re-Edit: https://hachyderm.io/@danderson/112185746000358589

New discoveries.

re-re-Edit: https://gynvael.coldwind.pl/?lang=en&id=782

Discussion of the obfuscation, which is pretty interesting, and how the sploit functions.
