30 Mar
2024
30 Mar
'24
12:15 p.m.
On Sat, 2024-03-30 at 12:08 -0500, Dave Ihnat wrote:
Didn't see this go by, but it looks hot enough to risk a repeat posting. From a friend:
It appears there's been a very serious effort to backdoor sshd on Linux via the xz compression/decompression system.
https://www.openwall.com/lists/oss-security/2024/03/29/4
If you have anything running very recent Linux, it's worth investigating whether you're affected.
AFAIK this only applies to Rawhide and the (as yet unreleased) F40, both of which I assume will be patched ASAP.
poc