XZ Utils Faced What is Probably The Biggest Exploit in FOSS - Debian and Fedora ...

@vimukthi 75

about 1 month ago

DBuzz

... based Distros (almost all of Linux is affected.

Carefully planned over many years.
Discovered by Andres Freund when benchmarking SSH connections.

#stem #informationwar #pob #waivio

Posted via D.Buzz

stem informationwar pob waivio

0.000

6 comments

@vimukthi 75

about 1 month ago (Edited)

The maintainer should not be the one to blamed. He was working for free on a project that was used even by multi trillion dollar companies every single day. He too was a victim. Instead, think about what is going on with closed source software at the moment.

Posted via D.Buzz

0.000

@vimukthi 75

about 1 month ago

If you would like to see a more detailed breakdown, you can read the Openwall post and watch the following video stream with real experts discussing the exploit:

Posted via D.Buzz

0.000

@ctrpch 68

about 1 month ago

It’s a nasty one, that’s for sure

0.000

@vimukthi 75

about 1 month ago

It is easily one of the worst with a CVSS score of 10 (which is the highest possible).

0.000

@gtpacheko17 67

about 1 month ago

Afaik Fedora 39 (current stable release) is not affected.

Posted via D.Buzz

0.000

@vimukthi 75

about 1 month ago

That is true. Only Fedora 40 (beta) and Rawhide were affected. The fact that the exploit made this far and only accidentally discovered is already very concerning. Fedora 40 was about to release in few week.

https://www.helpnetsecurity.com/2024/03/31/xz-backdoored-linux-affected-distros/

0.000