Imagine this: an OpenSSH backdoor is discovered, maintainers rush to push out a fixed release package, security researchers trade technical details on mailing lists to analyze the backdoor code. Speculation abounds on the attribution and motives of the attacker, and the tech media pounces on the story. A near miss | Isosceles Blog
Details are starting to emerge about a stunning supply chain attack that sent the open source software community reeling. | WIRED
In late March 2024, the open source community discovered a backdoor in XZ Utils, a suite of tools that use the xz compression algorithm. The xz backdoor was embedded inside liblzma, and took effect when liblzma was used in OpenSSH, a common remote-login tool. You can read about this extensively in many places elsewhere. Since then, many people leveraged the xz backdoor to highlight their favorite systemic issue in open source. | dadrian.io
It’s all over the tech news. Someone managed to put a backdoor on xz Utils, a very common package on Linux systems. In this post I want to share with you about what happened, how it impacted Kairos images, and what you should do in case you were affected. TL;DR A backdoor that can be used to exploit systemd based Linux via ssh was introduced in xz Utils. Only Kairos Tumbleweed v3. | kairos.io