In the latest liblzma update, a trusted bad actor called 'JiaT75' implemented a backdoor which allows RCA calls to system() on ssh connections. Here I'm look...
For all those wanting to know what version of the xz package you have, DO NOT use xz -V or xz --version. Ask your package manager instead; e.g. apt info xz-utils. Executing a potentially malicious binary IS NOT a good idea, so ask your package manager instead.
For all those wanting to know what version of the xz package you have, DO NOT use
xz -Vorxz --version. Ask your package manager instead; e.g.apt info xz-utils. Executing a potentially malicious binary IS NOT a good idea, so ask your package manager instead.