Yeah...this looks like a "big" issue...wonder what the resolution is?....removal?...or just hunker down and wait for a patch/update from the devs?...
https://youtu.be/tVvbLS2Bm8c?si=39dTmn4JD3YqYitU
On Sat, Mar 30, 2024, 4:08 PM Jeffrey Walton noloader@gmail.com wrote:
On Sat, Mar 30, 2024 at 1:08 PM Dave Ihnat dihnat@dminet.com wrote:
Didn't see this go by, but it looks hot enough to risk a repeat posting. From a friend:
It appears there's been a very serious effort to backdoor sshd on Linux via the xz compression/decompression system.
https://www.openwall.com/lists/oss-security/2024/03/29/4
If you have anything running very recent Linux, it's worth
investigating
whether you're affected.
IBM Red Hat says, if you're running Fedora 40 or Fedora Rawhide:
PLEASE IMMEDIATELY STOP USAGE OF ANY FEDORA RAWHIDE INSTANCES for work or personal activity.
The identity that did this got to the point of being not only an xz maintainer but a Linux kernel contributor, and contributed to a number of other Open Source projects as well over the course of years. The identity may have been compromised to do this, or may have been created to do this, and may have used other contributions to build rapport or to compromise more projects as well.
I looked at the detection script available at the URL in the posting.
It's
harmless at worst (don't know yet if it can detect anything).
It looks like more analysis has revealed this is a RCE with the payload in the modulus of a public key: "The payload is extracted from the N value (the public key) passed to RSA_public_decrypt, checked against a simple fingerprint, and decrypted with a fixed ChaCha20 key before the Ed448 signature verification..." Also see https://www.openwall.com/lists/oss-security/2024/03/30/36.
Jeff
users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue