xz
backdoor security xz utils tools oss software
For various reasons I wasn’t able to write a summary for 2023. But if I had known then what to expect in 2024 with the current xz/liblzma1, I would have written a modified version of Wilhelm Hey’s “Alle Jahre wieder”2 instead of the recap.
As for the vulnerability itself, there are already a number of blogs on the subject, the best known being by Evan Boehs3 and Bruce Schneier4.
My two cents?
Read more...