Note that in this case the backdoor was only inserted in some tarballs and enabl... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		SkiFire13 on March 29, 2024 \| parent \| context \| favorite \| on: Backdoor in upstream xz/liblzma leading to SSH ser... Note that in this case the backdoor was only inserted in some tarballs and enabled itself only when building deb/rpm packages for x86-64 linux and with gcc and the gnu linker. This should already filter out the most exotic setups and makes it harder to reproduce.

1oooqooq on March 29, 2024 [–]

the point we got, when even exploits have to rely on user agent string sniffing.

reminds me of the gnu hack discovered because one of the savannah build hosts was some odd architecture the exploit wasn't expecting

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact