On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that gives developers lossless compression. This package is commonly used for compressing release tarballs, software packages, kernel images, and initramfs images. It is very widely distributed, statistically your average Linux or macOS system will have it installed for convenience.
10 sats \ 1 reply \ @freetx 30 Mar
It seems the user (possibly chinese?) who submitted these patches was active for 2+ years and made other pull request.
I wonder how deep this goes?
reply
4 sats \ 0 replies \ @ch0k1 OP 30 Mar
We'll see 🙈
reply
0 sats \ 1 reply \ @026180d3a3 30 Mar
While updating yesterday, I noticed this file had changed and I had to refresh and update again. Guess this was why.
reply
0 sats \ 0 replies \ @ch0k1 OP 31 Mar
👩💻
reply