Backdoor discovered in the code of xz versions 5.6.0 and 5.6.1

Debian developer and security researcher Andres Freund reports the discovery of a probable backdoor in the source code of xz versions 5.6.0 and 5.6.1.

The backdoor is a line in one of the m4 scripts that appends obfuscated malicious code to the end of the configure script. That code then modifies one of the Makefiles generated by the project, which ultimately causes a malicious payload (disguised as the test archive bad-3-corrupt_lzma2.xz) to be injected into the liblzma binary.

A distinctive feature of the incident is that the malicious code is present only in the distributed source code tarballs and is absent from the project's git repository.
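Because the malicious code shipped only in the tarballs, comparing a release tarball with a checkout of the tagged commit is a natural release check. The following Python script is an added example, not code from the original article or the xz project; the function names and the `demo-1.0` sample project are constructed for illustration.

```python
import io
import tarfile
import tempfile
from pathlib import Path


def compare_tarball_to_checkout(tar_bytes: bytes, checkout: Path) -> dict:
    """Classify each regular file in a release tarball against a checkout of the tag."""
    report = {"only_in_tarball": [], "differs": [], "identical": []}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            rel = member.name.split("/", 1)[-1]  # drop the "name-version/" prefix
            if rel.startswith("/") or ".." in Path(rel).parts:
                raise ValueError(f"unsafe path in tarball: {member.name}")
            data = tar.extractfile(member).read()
            repo_file = checkout / rel
            if not repo_file.is_file():
                report["only_in_tarball"].append(rel)  # generated or injected
            elif repo_file.read_bytes() != data:
                report["differs"].append(rel)  # tracked file altered in release
            else:
                report["identical"].append(rel)
    return {kind: sorted(paths) for kind, paths in report.items()}


def build_demo():
    """Constructed sample data: a tiny fake project, not real xz contents."""
    checkout = Path(tempfile.mkdtemp())
    (checkout / "m4").mkdir()
    (checkout / "src.c").write_bytes(b"int main(void){return 0;}\n")
    (checkout / "m4" / "check.m4").write_bytes(b"AC_DEFUN([CHECK])\n")
    files = {
        "demo-1.0/src.c": b"int main(void){return 0;}\n",
        "demo-1.0/m4/check.m4": b"AC_DEFUN([CHECK])\n# line absent from git\n",
        "demo-1.0/configure": b"#!/bin/sh\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue(), checkout


if __name__ == "__main__":
    print(compare_tarball_to_checkout(*build_demo()))
```

Files that exist only in the tarball are expected for autotools output such as `configure`, so that list needs review rather than automatic rejection. A tracked file whose contents differ from the tagged commit is the stronger signal.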

It is reported that the person under whose name the malicious code was added to the project repository was either directly involved in what happened or was the victim of a serious compromise of their personal accounts (the researcher leans toward the first option, since this person personally took part in several discussions related to the malicious changes).

In the linked post, the researcher notes that the ultimate goal of the backdoor appears to be injecting code into the sshd process and replacing the RSA key verification code, and gives several ways to check indirectly whether the malicious code is currently running on your system.

According to a news article from the openSUSE project, the complexity of the backdoor code and its presumed mode of operation make it difficult to determine whether it "triggered" even once on a given machine, and the project recommends a complete reinstallation of the OS with rotation of all relevant keys on every machine that was exposed to the affected xz versions even once.

Source: linux.org.ru