WARNING: Malicious code in current pre-release & testing versions/variants: F40 and rawhide affected - users of F40/rawhide need to respond
WARNING: Malicious code in current pre-release & testing versions/variants: F40 and rawhide affected - users of F40/rawhide need to respond
The xz package that has already entered the current F40 pre-release versions/variants and rawhide contains malicious code. This does NOT affect users of the Fedora releases (F38, F39 are thus not affected), but all users who use already F40 pre-release versions/variants or rawhide shall read this: ...
You're viewing a single thread.
What is the name of the software that is affected??
Hard to tell from first glance but my guess would be this is fallout from the ongoing
xzdrama. Here: https://www.openwall.com/lists/oss-security/2024/03/29/4xz is the compromised package, but it in turn compromises ssh authentication
In turn it
compromises ssh authenticationallows remote code execution via system(); if the connecting SSH certificate contains the backdoor key. No user account required. Nothing logged anywhere you'd expect. Full root code execution.There is also a killswitch hard-coded into it, so it doesn't affect machines of whatever state actor developed it.
It's pretty clear this is a state actor, targeting a dependency of one of the most widely used system control software on Linux systems. There are likely tens or hundreds of other actors doing the exact same thing. This one was detected purely by chance, as it wasn't even in the code for ssh.
If people ever wonder how cyber warfare could potentially cause a massive blackout and communications system interruption - this is how.
tens of hundreds
You mean thousands?
That was supposed to be or, not of.
It's in the article linked:
The
xzpackage that has already entered the current F40 pre-release versions/variants and rawhide contains malicious code.Microsoft Edge.