Re: Gentoo and the XZ Backdoor

Subject: Re: Gentoo and the XZ Backdoor
From: ff (at) *nospam* linux.rocks (Farley Flud)
Newsgroups: comp.os.linux.advocacy
Date : 09. Apr 2024, 21:48:33
Organization: UsenetExpress - www.usenetexpress.com
Message-ID : <17c4b46714408836$4$1413777$802601b3@news.usenetexpress.com>
References : 1 2 3
On 9 Apr 2024 00:09:59 GMT, rbowman wrote:

 
> I do have sshd up on the Fedora 39 box but it wasn't affected.

As analysis continues, many interesting aspects of the backdoor
behavior emerge.

For one thing, only dpkg (Debian, et al.) or RPM (RedHat, et al.)
builds are allowed by the backdoor code.  Otherwise it will exit
during build and not inject the backdoor.

Another thing, only if argv[0] = /usr/sbin/sshd will the backdoor
be activated.  Thus, only sshd (at that location) is affected.
Any other program that links to liblzma will NOT be affected.

These aspects, and much more, can be found here:

https://research.swtch.com/xz-script

https://www.wiz.io/blog/cve-2024-3094-critical-rce-vulnerability-found-in-xz-utils

I was hoping for a good technical discussion but that's not
possible on this group of fools.

Ha, ha, ha, ha, ha, ha, ha, ha!
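
The conditions described in the post above, turned into a host triage check (an added example, not part of the original post or of any project's code). The function names, result strings and sample `ldd` output are assumptions made here, and package ownership is used as a stand-in for the build-time dpkg/RPM condition.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the sample
# ldd output are constructed for illustration.

# Succeeds if the `ldd` output on stdin lists liblzma. ldd resolves transitive
# dependencies, so a link that comes in through another library is listed too.
links_liblzma() {
    grep -Eq '(^|[[:space:]/])liblzma\.so(\.[0-9]+)*([[:space:]]|$)'
}

# Prints the packaging system that owns PATH: dpkg, rpm or other. This is a
# host-side proxy for the build-time dpkg/RPM condition the post describes.
pkg_family() {
    if command -v dpkg-query >/dev/null 2>&1 && dpkg-query -S "$1" >/dev/null 2>&1; then
        echo dpkg
    elif command -v rpm >/dev/null 2>&1 && rpm -qf "$1" >/dev/null 2>&1; then
        echo rpm
    else
        echo other
    fi
}

# in_scope PATH FAMILY, with ldd output on stdin. Prints "in-scope" only when
# every condition from the post holds, otherwise the first one that fails.
in_scope() {
    [ "$1" = "/usr/sbin/sshd" ] || { echo "out:path"; return 0; }
    case $2 in
        dpkg|rpm) ;;
        *) echo "out:packaging"; return 0 ;;
    esac
    if links_liblzma; then echo "in-scope"; else echo "out:no-liblzma"; fi
}

# Constructed sample: ldd output for an sshd that pulls in liblzma indirectly.
SAMPLE_LDD='	libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f0000000000)
	liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f0000100000)'
echo "sample host: $(printf '%s\n' "$SAMPLE_LDD" | in_scope /usr/sbin/sshd dpkg)"

# Live check, only when the binary exists on this machine.
SSHD=/usr/sbin/sshd
if [ -x "$SSHD" ] && command -v ldd >/dev/null 2>&1; then
    echo "this host: $(ldd "$SSHD" 2>/dev/null | in_scope "$SSHD" "$(pkg_family "$SSHD")")"
fi
```

A result of `in-scope` means only that the gating conditions match; the installed liblzma version still has to be compared with the CVE-2024-3094 advisory.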

