Yeah...this looks like a "big" issue...wonder what the resolution is?....removal?...or just hunker down and wait for a patch/update from the devs?...
https://youtu.be/tVvbLS2Bm8c?si=39dTmn4JD3YqYitU On Sat, Mar 30, 2024, 4:08 PM Jeffrey Walton <noloa...@gmail.com> wrote: > On Sat, Mar 30, 2024 at 1:08 PM Dave Ihnat <dih...@dminet.com> wrote: > > > > Didn't see this go by, but it looks hot enough to risk a repeat posting. > > From a friend: > > > > It appears there's been a very serious effort to backdoor sshd on > > Linux via the xz compression/decompression system. > > > > https://www.openwall.com/lists/oss-security/2024/03/29/4 > > > > If you have anything running very recent Linux, it's worth > investigating > > whether you're affected. > > > > IBM Red Hat says, if you're running Fedora 40 or Fedora Rawhide: > > > > > PLEASE IMMEDIATELY STOP USAGE OF ANY FEDORA > > > RAWHIDE INSTANCES for work or personal activity. > > > > The identity that did this got to the point of being not only an xz > > maintainer but a Linux kernel contributor, and contributed to a number > > of other Open Source projects as well over the course of years. The > > identity may have been compromised to do this, or may have been created > > to do this, and may have used other contributions to build rapport or > > to compromise more projects as well. > > > > I looked at the detection script available at the URL in the posting. > It's > > harmless at worst (don't know yet if it can detect anything). > > It looks like more analysis has revealed this is a RCE with the > payload in the modulus of a public key: "The payload is extracted from > the N value (the public key) passed to RSA_public_decrypt, checked > against a simple fingerprint, and decrypted with a fixed ChaCha20 key > before the Ed448 signature verification..." Also see > <https://www.openwall.com/lists/oss-security/2024/03/30/36>. > > Jeff > -- > _______________________________________________ > users mailing list -- users@lists.fedoraproject.org > To unsubscribe send an email to users-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue >
-- _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
