xz/liblzma Compromise Link Roundup
Links to analysis, discussion and more related to the xz/liblzma compromise (CVE-2024-3094).
Putting an xz Backdoor Payload in a Valid RSA Key
rya.ncLast week, a backdoor was discovered in xz-utils. The backdoor processes commands sent using RSA public keys as a covert channel. In order to prevent anyone else from using the backdoor, the threat…