Eek. Apparently liblzma (part of the xz package) has a backdoor in versions 5.6.0 and 5.6.1, causing SSH to be compromised.

https://www.openwall.com/lists/oss-security/2024/03/29/4

This might even have been done on purpose by the upstream devs.

Developing story, please take with a grain of salt.

The 5.6 versions are somewhat recent, depending on how bleeding edge your distro is you might not be affected.

#liblzma #xz #lzma #backdoor #ITsecurity #OpenSSH #SSH