Atemu@lemmy.ml to Linux@lemmy.ml · 8 months agobackdoor in upstream xz/liblzma leading to ssh server compromisewww.openwall.comexternal-linkmessage-square100fedilinkarrow-up1527arrow-down15cross-posted to: opensource@lemmit.onlinenetsec@links.hackliberty.orgselfhosted@lemmy.worldlinux@lemmy.worldprogramming@programming.devcybersecurity@sh.itjust.workshackernews@lemmy.smeargle.fanssecurity@lemmy.ml
arrow-up1522arrow-down1external-linkbackdoor in upstream xz/liblzma leading to ssh server compromisewww.openwall.comAtemu@lemmy.ml to Linux@lemmy.ml · 8 months agomessage-square100fedilinkcross-posted to: opensource@lemmit.onlinenetsec@links.hackliberty.orgselfhosted@lemmy.worldlinux@lemmy.worldprogramming@programming.devcybersecurity@sh.itjust.workshackernews@lemmy.smeargle.fanssecurity@lemmy.ml
minus-squareflying_sheep@lemmy.mllinkfedilinkarrow-up13·8 months agoNo, read the link you posted: Arch does not directly link openssh to liblzma, and thus this attack vector is not possible. You can confirm this by issuing the following command: ldd "$(command -v sshd)" However, out of an abundance of caution, we advise users to remove the malicious code from their system by upgrading either way.
No, read the link you posted: