The officially official Devuan Forum!


#1 2024-03-31 23:04:42

siva
Member
Registered: 2018-01-25
Posts: 278  

CVE-2024-3094: LZMA/XZ security report

Thought the group might find this interesting.

From Red Hat:

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.

Related:
- https://gynvael.coldwind.pl/?lang=en&id=782
- https://www.openwall.com/lists/oss-secu … 24/03/29/4
- https://nvd.nist.gov/vuln/detail/CVE-2024-3094

Last edited by siva (2024-03-31 23:17:35)


#2 2024-04-01 01:29:48

soren
Member
Registered: 2023-04-30
Posts: 88  

Re: CVE-2024-3094: LZMA/XZ security report

Perhaps admin might sticky this one instead of having more of these threads pop up, at least until this category 5 hurricane of an exploit is fully fleshed out and realized. No disrespect, siva, but this is about the fifth thread on this subject.


#3 2024-04-02 14:55:33

siva
Member
Registered: 2018-01-25
Posts: 278  

Re: CVE-2024-3094: LZMA/XZ security report

My references weren't related directly to Devuan but I get your point.


#4 2024-04-08 12:10:28

EDX-0
Member
Registered: 2020-12-12
Posts: 56  

Re: CVE-2024-3094: LZMA/XZ security report

Funnily enough, systemd does link xz-utils, so machines running systemd with xz-utils 5.6.0 are extra compromised with an init-level backdoor...

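A small triage script for the two practical questions this thread raises: is the installed xz/liblzma one of the backdoored upstream releases quoted in post #1 (5.6.0 and 5.6.1, the versions listed in the NVD entry linked there), and which binaries on the host actually link liblzma, which is the linkage point post #4 makes about systemd. This is an added example, not code from the thread, from Red Hat or from the xz project. The candidate binary paths in report() are assumptions for a Debian/Devuan-style layout, and the "+really" handling follows the Debian convention of naming a downgrade rebuild like 5.6.1+really5.4.5-1; the sample version strings in the comments are constructed.

```shell
#!/bin/sh
# Added example for CVE-2024-3094 triage (not from the forum thread or
# from the xz project). Run on the host to be checked; no network needed.
set -e

# Classify an xz/liblzma version string.
#   5.6.0, 5.6.1-1            -> affected       (backdoored upstream tarballs)
#   5.4.5, 5.6.1+really5.4.5-1 -> not-affected-version
#   anything unparsable        -> unknown
# The Debian "+reallyX.Y.Z" suffix means the package actually ships X.Y.Z,
# so the part after "+really" is what matters. (Version strings above are
# constructed samples; the +really convention is Debian's.)
xz_version_status() {
    v="$1"
    case "$v" in
        *+really*) v="${v#*+really}" ;;
    esac
    # Keep only the leading X.Y.Z, dropping -1, ~bpo etc.
    v="$(printf '%s' "$v" | sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')"
    case "$v" in
        5.6.0|5.6.1) echo "affected" ;;
        "")          echo "unknown" ;;
        *)           echo "not-affected-version" ;;
    esac
}

# Version reported by the installed xz binary (first line of `xz --version`
# looks like "xz (XZ Utils) 5.4.1"); empty if xz is not installed.
installed_xz_version() {
    command -v xz >/dev/null 2>&1 || { echo ""; return 0; }
    xz --version 2>/dev/null | sed -n '1s/.* //p'
}

# Print each given binary that links liblzma, directly or transitively
# (ldd resolves the whole dependency tree, so sshd shows up when it links
# a libsystemd that in turn links liblzma). Missing binaries are skipped.
liblzma_linkers() {
    for bin in "$@"; do
        [ -x "$bin" ] || continue
        if ldd "$bin" 2>/dev/null | grep -q 'liblzma\.so'; then
            echo "$bin"
        fi
    done
}

# Human-readable summary. The candidate paths are an assumption for a
# Debian/Devuan-style host; adjust them for the machine being checked.
report() {
    v="$(installed_xz_version)"
    echo "installed xz version: ${v:-<none>} -> $(xz_version_status "$v")"
    echo "binaries linking liblzma (of the candidates checked):"
    found="$(liblzma_linkers /usr/sbin/sshd /lib/systemd/systemd /usr/lib/systemd/systemd /usr/bin/xz)"
    if [ -n "$found" ]; then
        echo "$found"
    else
        echo "  (none of the candidates present or linked)"
    fi
}

report
```

The version gate is triage, not proof: Red Hat's description says the payload is injected during the build of the 5.6.0+ tarballs, so a package whose version string is clean is the practical indicator, but a host that was running an affected build should still be treated as compromised rather than merely patched. Do not run ldd on a binary you do not trust; ldd can execute the program's loader, and `objdump -p BIN | grep NEEDED` is the safer way to read direct dependencies. On a Devuan box without systemd the liblzma list will normally contain only xz itself, which is the point post #4 is making.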
