xz/liblzma Compromise Link Roundup
shellsharks.comLinks to analysis, discussion and more related to the xz/liblzma compromise (CVE-2024-3094).
The xz backdoor from a Security Engineer persepective
As you probably already heard, the xz package got compromised. The package was used as entrypoint to inject malicious code in sshd, altering the authentication flow. This forged vulnerability is now known as CVE-2024-3094.