For the uninitiated, a major compromise has been discovered in liblzma, where an apparent backdoor has been inserted that breaks ssh-rsa authentication in sshd.
Raspberry Pi OS packages (and in general Raspberry Pi) are unaffected because
- The compromised code is not in the upstream Debian Bookworm release
- The exploit explicitly checks for x86_64 arch on the target system
This doesn't exclude other third-party packages that may rely on compromised versions of liblzma.
This is a "software supply chain" attack that was very close to going undiscovered, and making it into major operating system components.
Further reading (from links not on random pseudosocial media threads):
https://www.openwall.com/lists/oss-secu ... 24/03/29/4
https://gynvael.coldwind.pl/?lang=en&id=782
PoC:
https://gist.github.com/keeganryan/a6c2 ... 6dfdf95ae4
Statistics: Posted by jdb — Sat Mar 30, 2024 9:39 pm
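A quick local triage script for this issue, added here as an example and not part of jdb's post or of any Raspberry Pi OS tooling. It checks the installed liblzma version against the two backdoored upstream releases (5.6.0 and 5.6.1, taken from the public disclosure rather than from this post), checks whether the machine is x86_64 (the only architecture the injected build script targeted, as the post notes), and checks whether the local sshd even links liblzma. The decision logic is split into small functions so it can be exercised with fixed inputs; the liblzma5 package name and the dpkg-query call are Debian-specific assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): local triage for the
# xz/liblzma backdoor on a Debian-based host such as Raspberry Pi OS.
# Assumptions: the backdoor shipped in xz-utils 5.6.0 and 5.6.1, and its
# build-time injection only fired on x86_64. Both come from the public
# disclosure, not from this forum post.

# xz_version_affected VERSION -> 0 if VERSION is a backdoored upstream
# release (5.6.0 or 5.6.1), 1 otherwise. Accepts Debian-style strings such
# as "5.6.1-1" or "5.4.1-0.2" by stripping an epoch and the Debian revision.
xz_version_affected() {
    v=$(printf '%s' "$1" | sed 's/^[0-9]*://; s/-.*//')
    case "$v" in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# arch_targeted ARCH -> 0 if the injected build script's architecture check
# would have passed on this machine (x86_64 / amd64), 1 otherwise.
arch_targeted() {
    case "$1" in
        x86_64|amd64) return 0 ;;
        *) return 1 ;;
    esac
}

# sshd_links_liblzma -> 0 if the installed sshd pulls liblzma into its
# address space (on Debian-style builds this happens via libsystemd), which
# is the load path the backdoor relied on. Returns 1 if sshd is absent or
# does not link it.
sshd_links_liblzma() {
    sshd_path=$(command -v sshd 2>/dev/null || echo /usr/sbin/sshd)
    [ -x "$sshd_path" ] || return 1
    ldd "$sshd_path" 2>/dev/null | grep -q liblzma
}

# triage VERSION ARCH -> prints a verdict; returns 0 only when both the
# version and the architecture match the backdoor's conditions.
triage() {
    ver="$1"
    arch="$2"
    if xz_version_affected "$ver" && arch_targeted "$arch"; then
        echo "liblzma $ver on $arch: backdoored release on a targeted arch, replace it now"
        return 0
    fi
    if xz_version_affected "$ver"; then
        echo "liblzma $ver on $arch: backdoored release, payload only targets x86_64, upgrade anyway"
    else
        echo "liblzma $ver on $arch: not one of the backdoored releases"
    fi
    return 1
}

# Live run: query dpkg for liblzma5 (fallback: xz --version), then uname.
main() {
    ver=$(dpkg-query -W -f='${Version}' liblzma5 2>/dev/null \
          || xz --version 2>/dev/null | awk 'NR==1 {print $NF}')
    arch=$(uname -m)
    triage "${ver:-unknown}" "$arch" || true
    if sshd_links_liblzma; then
        echo "sshd links liblzma: the known sshd hook path exists on this host"
    else
        echo "sshd does not link liblzma (or is not installed): known hook path absent"
    fi
}

main "$@"
```

On a Raspberry Pi OS Bookworm install this should report a 5.4.x liblzma on aarch64 or armv7l, i.e. neither condition met; the third line tells you whether sshd would even have loaded the library, which matters if you pull xz from somewhere other than the Debian archive.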