XZ Utils Faced What is Probably The Biggest Exploit in FOSS - Debian and Fedora ...
... based Distros (almost all of Linux is affected).
- Carefully planned over many years.
- Discovered by Andres Freund when benchmarking SSH connections.
Posted via D.Buzz
The maintainer should not be the one to be blamed. He was working for free on a project that was used even by multi-trillion-dollar companies every single day. He too was a victim. Instead, think about what is going on with closed source software at the moment.
If you would like to see a more detailed breakdown, you can read the Openwall post and watch the following video stream with real experts discussing the exploit:
It’s a nasty one, that’s for sure
It is easily one of the worst with a CVSS score of 10 (which is the highest possible).
Afaik Fedora 39 (current stable release) is not affected.
That is true. Only Fedora 40 (beta) and Rawhide were affected. The fact that the exploit made it this far and was only accidentally discovered is already very concerning. Fedora 40 was about to release in a few weeks.
https://www.helpnetsecurity.com/2024/03/31/xz-backdoored-linux-affected-distros/