Malicious updates made to a ubiquitous tool were a few weeks away from going mainstream.| Ars Technica
Details are starting to emerge about a stunning supply chain attack that sent the open source software community reeling.| WIRED
In late March 2024, the open source community discovered a backdoor in XZ Utils, a suite of tools that use the xz compression algorithm. The xz backdoor was embedded inside liblzma, and took effect when liblzma was used in OpenSSH, a common remote-login tool. You can read about this extensively in many places elsewhere. Since then, many people leveraged the xz backdoor to highlight their favorite systemic issue in open source.| dadrian.io
It’s all over the tech news. Someone managed to put a backdoor in xz Utils, a very common package on Linux systems. In this post I want to share with you what happened, how it impacted Kairos images, and what you should do in case you were affected. TL;DR A backdoor that can be used to exploit systemd-based Linux via ssh was introduced in xz Utils. Only Kairos Tumbleweed v3.| kairos.io