oss-sec mailing list archives

Re: backdoor in upstream xz/liblzma leading to ssh server compromise

From: Solar Designer <solar () openwall com>
Date: Sat, 30 Mar 2024 23:05:45 +0100

On Sat, Mar 30, 2024 at 11:00:09PM +0100, Solar Designer wrote:

I'm also attaching 3 extra files Gynvael provided - the stage 1 and
stage 2 shell scripts (gzipped to ensure they get through unmangled) and
a PNG image helping visualize the data layout (referenced in the middle
of the text below).

   https://gynvael.coldwind.pl/img/good-large_compressed.data.png


I totally forgot the mailing list is configured to strip images (since
they're too commonly used in people's e-mail signatures).  Temporarily
disabled, and resending (just the image now).

Alexander

Current thread:

RE: backdoor in upstream xz/liblzma leading to ssh server compromise, (continued)
- - RE: backdoor in upstream xz/liblzma leading to ssh server compromise Thomas Ward (Mar 30)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Andres Freund (Mar 30)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Alexander E. Patrakov (Mar 30)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Andres Freund (Mar 30)
  - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Axel Beckert (Mar 30)
    - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Andres Freund (Mar 30)
    - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Solar Designer (Mar 31)
    - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Jeffrey Walton (Mar 31)
  - Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Fay Stegerman (Mar 30)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Solar Designer (Mar 30)
  - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Solar Designer (Mar 30)
  - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Rein Fernhout (Levitating) (Mar 30)
    - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Andres Freund (Mar 30)
  - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Solar Designer (Mar 31)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Michael.Karcher (Mar 31)
  - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Dominique Martinet (Mar 31)
    - Re: backdoor in upstream xz/liblzma leading to ssh server compromise Solar Designer (Mar 31)