Back door in xz library jeopardizes SSH connections
mib2berlin
Hi, a German article about this issue:
https://www.heise.de/news/Hintertuer-in-xz-Bibliothek-gefaehrdet-SSH-Verbindungen-9671317.html
There are some distributions where xz could be affected.
Debian testing, Kali, Arch, Gentoo, for example.
Opensuse Tumbleweed was fixed at Thursday.
There is a bash script to check this from the explorer of the backdoor:
https://github.com/cyclone-github/scripts/blob/main/xz_cve-2024-3094-detect.sh
Cheers, mib
Since yesterday my SSH server got much more attacks. But as it is not rolling release or testing distrie with the vulnerable 5.6 lib, all is nice.
Ans my local PCs have no SSH listening outside on LAN addresses.
Aaron Translator