Xan (welcome to the xaniverse)

@trannyman

idiot optimist

he/they
pleasepraise.me/xanther

https://tranny-man.tumblr.com/
Leo ● Trans masc butch/stud ○ 27●💉 - 12 /7/17 / 🔪 - 10/10/19
Add me in discord: xanthers

Xan (welcome to the xaniverse)@trannyman3/29/2024, 8:53 PM

dj baby boy @PolyCement

Nire Bryce @NireBryce3/29/2024, 5:44 PM

sound powered telephone whirr OpenSSH exploit made it to release in at least Debian, fedora unstable branches, maybe more. `xz` target

current fedora release may be hit too

hugops to every damage control party and home sysadmin with too many fedora and Debian based unstable/prerelease machines

(may effect more than that)

there's a script to detect it in the email thread

Red Hat Information Risk and Security and Red Hat Product Security learned that the latest versions of the “xz” tools and libraries contain malicious code that appears to be intended to allow unauthorized access.

https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users

https://www.openwall.com/lists/oss-security/2024/03/29/4

#openssh #ssh #CVE #computer security #infosec #sysadmin #self hosting #linux #debian #xz #fedora linux

K. Starling @kstarling3/29/2024, 8:02 PM

This package is part of the Arch Linux base system, so please treat ALL Arch-derived systems as compromised.

An update is already available from the primary Arch repository which removes the exploit, please upgrade ASAP.

#Arch Linux

You must log in to comment.

in reply to @kstarling's post:

Nire Bryce @NireBryce3/29/2024, 10:59 PM

did it actually make it to release in arch yet

K. Starling @kstarling3/30/2024, 12:49 AM

It did, but they pushed a patch this morning to remove the malicious code, so everyone just needs to upgrade.

Nire Bryce @NireBryce3/30/2024, 1:02 AM

oh yikes

Pinned Tags