Man, this is some impressive work. Kudos for the implementation.
XZ Struck By Malicious Code That Could Allow Unauthorized Remote System Access
-
Originally posted by avis
Your Linux system includes the following roughly the same attack vectors:
- Bash (installed by default)
- Python (installed by default)
- Perl (often installed by default)
- GCC/Clang
- Ruby
- PHP
- Lua
Microsoft has never distributed malware, period. Stop making shit up.
You're asking for the same level of scrutiny for free? I'm asking for a million dollars.
-
As some of you may recall I explicitly talked about this type of vulnerability on open source software not too long ago.
Basically it's a case of what you see is not what you get, the code shared doesn't contain the exploit, it gets injected at compile time, or even better, manually added.
All open source software is vulnerable to this type of infiltration.
Also Fedora 41?
Fedora 40 isn't even out yet and Fedora 41 is already compromised?
Seriously, why would anyone use Fedora for anything?
-
Originally posted by sophisticles
Also Fedora 41?
Fedora 40 isn't even out yet and Fedora 41 is already compromised?
Seriously, why would anyone use Fedora for anything?
-
Originally posted by sophisticles
As some of you may recall I explicitly talked about this type of vulnerability on open source software not too long ago.
Basically it's a case of what you see is not what you get, the code shared doesn't contain the exploit, it gets injected at compile time, or even better, manually added.
All open source software is vulnerable to this type of infiltration.
Also Fedora 41?
Fedora 40 isn't even out yet and Fedora 41 is already compromised?
Seriously, why would anyone use Fedora for anything?
-
Originally posted by bug77
Stop comparing apples to oranges then. Windows is a commercial product. Commercial Linux never distributed any malware either.
You're asking for the same level of scrutiny for free? I'm asking for a million dollars.
-
Originally posted by spicfoo
There is no such thing as Fedora 41. So it cannot be compromised. Fedora 40 never got the update because the automated update checks failed and the update was never pushed out beyond staging. The only impacted place is the development branch.
Red Hat today issued an "urgent security alert" for Fedora 41 and Fedora Rawhide users over XZ. Yes, the XZ tools and libraries for this compression format. Some malicious code was added to XZ 5.6.0/5.6.1 that could allow unauthorized remote system access.