xz/liblzma Compromise Link Roundup
Links to analysis, discussion and more related to the xz/liblzma compromise (CVE-2024-3094).
The xz backdoor from a Security Engineer persepective
appsec.spaceAs you probably already heard, the xz package got compromised. The package was used as entrypoint to inject malicious code in sshd, altering the authentication flow. This forged vulnerability is now known as CVE-2024-3094.