oss-security - Re: backdoor in upstream xz/liblzma leading to ssh server compromise

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <20240330220545.GA15340@openwall.com>
Date: Sat, 30 Mar 2024 23:05:45 +0100
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: gynvael@...dwind.pl
Subject: Re: backdoor in upstream xz/liblzma leading to ssh server compromise

On Sat, Mar 30, 2024 at 11:00:09PM +0100, Solar Designer wrote:
> I'm also attaching 3 extra files Gynvael provided - the stage 1 and
> stage 2 shell scripts (gzipped to ensure they get through unmangled) and
> a PNG image helping visualize the data layout (referenced in the middle
> of the text below).

>    https://gynvael.coldwind.pl/img/good-large_compressed.data.png

I totally forgot the mailing list is configured to strip images (since
they're too commonly used in people's e-mail signatures).  Temporarily
disabled, and resending (just the image now).

Alexander

Download attachment "good-large_compressed.data.png" of type "image/png" (39140 bytes)

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.