Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files (thehackernews.com)
from Lanky_Pomegranate530@midwest.social to cybersecurity@sh.itjust.works on 13 Apr 2024 04:49
https://midwest.social/post/11012649

#cybersecurity

threaded - newest

tedu on 13 Apr 2024 05:28 collapse

And is the backdoor actually included in the crate or is this an overhyped nothingburger?

magikmw@lemm.ee on 13 Apr 2024 07:04 collapse

The original backdoor only worked if xz was being used by a linked sshd binary. Unless several other packages were targeted coorsinated attack, all of this is just clickbait and irrelevant.