MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
not
Recherche

What we need to take away from the XZ Backdoor (openSUSE News)

vendredi 12 avril 2024, 15:55 , par LWN.net
Dirk Mueller has posted a
lengthy analysis of the XZ backdoor on the openSUSE News site, with a
focus on openSUSE's response.

Debian, as well as the other affected distributions like openSUSE
are carrying a significant amount of downstream-only patches to
essential open-source projects, like in this case OpenSSH. With
hindsight, that should be another Heartbleed-level learning for the
work of the distributions. These patches built the essential steps
to embed the backdoor, and do not have the scrutiny that they
likely would have received by the respective upstream
maintainers. Whether you trust Linus Law or not, it was not even
given a chance to chime in here. Upstream did not fail on the
users, distributions failed on upstream and their users here.
Lire la suite sur LWN.net
https://lwn.net/Articles/969591/

Voir aussi

not Google Threatens To Cut Off News After California Proposes Paying Media Outlets Slashdot13 Apr
opensuse Fox News, far-right podcasters ruined an innocent man's life by identifying him as a neo-Nazi shooter, alleges lawsuit BoingBoing12 Apr
backdoor GNU Hurd ported to AArch64, and more Hurd news OS News11 Apr
distributions Comedy band helps make news about Marjorie Taylor Greene slightly less nauseating BoingBoing11 Apr
upstream What can be done to protect open source devs from next xz backdoor drama? TheRegister 6 Apr
essential Former Fox News head: "Donald Junior is a pathetic, low IQ oaf, who spews ridiculous lies to please daddy" BoingBoing 5 Apr
like Republican news camera calls Donald Trump's bluff when he brags about crowd size (video) BoingBoing 3 Apr
what The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind Wired: Tech. 3 Apr
patches Yahoo Is Buying Artifact, the AI News App From the Instagram Co-Founders Slashdot 3 Apr
here New XZ Backdoor Scanner Detects Implants In Any Linux Binary Slashdot 2 Apr
away [$] How the XZ backdoor works LWN.net 2 Apr
users Stupeur avec une backdoor pour des distributions Linux Génération-NT 2 Apr
news The XZ Backdoor: Everything You Need to Know Wired: Tech. 2 Apr
take Malicious xz backdoor reveals fragility of open source TheRegister 1 Apr
need Malicious SSH backdoor sneaks into xz, Linux world's data compression library TheRegister29 Mar
not Backdoor in upstream xz/liblzma leading to SSH server compromise OS News29 Mar
opensuse Negativity Drives Online News Consumption Slashdot29 Mar
backdoor A backdoor in xz LWN.net29 Mar
distributions Rachel Maddow pleads with NBC News to reconsider hiring their new traitor to democracy BoingBoing26 Mar
upstream Good news: HMRC offers a Linux version of Basic PAYE Tools. Bad news: It broke TheRegister26 Mar
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Date Actuelle
jeu. 2 mai - 11:20 CEST