backdoor in upstream xz/liblzma leading to ssh server compromise

Atemu@lemmy.ml to Linux@lemmy.ml – 518 points –
openwall.com
99

You are viewing a single comment

ELI5 what does this mean for the average Linux user? I run a few Ubuntu 22.04 systems (yeah yeah, I know, canonical schmanonical) - but they aren’t bleeding edge, so they shouldn’t exhibit this vulnerability, right?

The average user? Nothing. Mostly it just affects those who get the newest versions of everything.

In this case I think that's just Fedora and Debian Sid users or so.

The backdoor only activates during DEB or RPM builds, and was quickly discovered so only rolling release distros using either package format were affected.

It mostly affects/targets the build systems of binary distros - infecting their build machines with this would result in complete compromise of released distro down the line.

1 more...