Skip to main content

Search

Items tagged with: cve

A couple things to think about here:

This appears to be a malicious maintainer - not a compromised account. Meaning the person themselves, coded this in an pushed it out.

So:
1) Did they try and backdoor any other code?
2) Are they part of a greater campaign or is anyone else helping them.

This is a massive breach of trust.

That said! Huge kudos to Andres Freund, Florian Weimer, and others in finding this.

A lot of eyes are on this now. CISA is involved. Major distros are involved, etc. Many eyes and such.

#infosec #linux #foss #hacking #cve20243094 #cve

#linux #foss #infosec #hacking #cve #cve20243094


Urgent security alert for Fedora Linux 40 and Fedora Rawhide users

Red Hat Information Risk and Security and Red Hat Product Security learned that the latest versions of the “xz” tools and libraries contain malicious code that appears to be intended to allow unauthorized access.
, (Red Hat)
#linux #foss #infosec #hacking #cve #cve20243094

Fellow Masto Admins,
Kindly upgrade to the latest release of Mastodon as soon as possible.

#mastodon #mastodev #mastoadmin #security #fediverse #cve

#fediverse #security #mastodon #mastoadmin #MastoDev #cve