On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that gives developers lossless compression. This package is commonly used for compressing release tarballs, software packages, kernel images, and initramfs images. It is very widely distributed, statistically your average Linux or macOS system will have it installed for convenience.
10 sats \ 1 reply \ @freetx 30 Mar
It seems the user (possibly chinese?) who submitted these patches was active for 2+ years and made other pull request.
I wonder how deep this goes?
reply
We'll see 🙈
reply
While updating yesterday, I noticed this file had changed and I had to refresh and update again. Guess this was why.
reply
👩‍💻
reply