- original description on OSS Security ML: backdoor in upstream xz/liblzma leading to ssh server compromise
- Ars Technica: Backdoor found in widely used Linux utility targets encrypted SSH connections
- Ars Technica: What we know about the xz Utils backdoor that almost infected the world
- 🇩🇪 Heise: Die xz-Hintertür: Das verborgene Oster-Drama der IT
- 🇩🇪 Heise: xz-Attacke: Hintertür enträtselt, weitere Details zu betroffenen Distros
- Wired: The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind
- Prelim analysis by Filippo Valsorda 🕵️ Who is Filippo Valsorda?
- first activity by perpetrator in 2021: libarchive/libarchive#1609
- Evan Boehs' comprehensive timeline: Everything I Know About the XZ Backdoor
- Brian Krebs on the 'Jia Tan' persona 🕵️ Who is Brian Krebs?
- FAQ on the xz-utils backdoor (CVE-2024-3094)
Last active
April 5, 2024 09:30
-
-
Save awendt/b2701a3269a7d246856a63040808f0c8 to your computer and use it in GitHub Desktop.
CVE-2024-3094
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
xz/liblzma: Bash-stage Obfuscation Explained