On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that gives developers lossless compression. This package is commonly used for compressing release tarballs, software packages, kernel images, and initramfs images. It is very widely distributed, statistically your average Linux or macOS system will have it installed for convenience.
pull down to refresh
10 sats \ 1 reply \ @freetx 30 Mar
It seems the user (possibly chinese?) who submitted these patches was active for 2+ years and made other pull request.
I wonder how deep this goes?
reply
4 sats \ 0 replies \ @ch0k1 OP 30 Mar
We'll see 🙈
reply
0 sats \ 1 reply \ @Malachi17 30 Mar
While updating yesterday, I noticed this file had changed and I had to refresh and update again. Guess this was why.
reply
0 sats \ 0 replies \ @ch0k1 OP 31 Mar
👩💻
reply