Didn't see this go by, but it looks hot enough to risk a repeat posting.
From a friend:
It appears there's been a very serious effort to backdoor sshd on
Linux via the xz compression/decompression system.
https://www.openwall.com/lists/oss-security/2024/03/29/4
If you have anything running very recent Linux, it's worth investigating
whether you're affected.
IBM Red Hat says, if you're running Fedora 40 or Fedora Rawhide:
PLEASE IMMEDIATELY STOP USAGE OF ANY FEDORA
RAWHIDE INSTANCES for work or personal activity.
The identity that did this got to the point of being not only an xz
maintainer but a Linux kernel contributor, and contributed to a number
of other Open Source projects as well over the course of years. The
identity may have been compromised to do this, or may have been created
to do this, and may have used other contributions to build rapport or
to compromise more projects as well.
I looked at the detection script available at the URL in the posting. It's
harmless at worst (don't know yet if it can detect anything).
Caveat Utilitor,
--
Dave Ihnat