0008696: backdoor in upstream xz/liblzma leading to ssh server compromise

ID	Project	Category	View Status	Date Submitted	Last Update

0008696	Kali Linux	Kali Package Bug	public	2024-03-29 19:43	2024-03-29 23:03

Reporter	kali-bugreport	Assigned To	Gamb1t
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	closed	Resolution	fixed

Summary	0008696: backdoor in upstream xz/liblzma leading to ssh server compromise
Description	Only as FYI in case if Kali had imported the affected package; https://www.openwall.com/lists/oss-security/2024/03/29/4

Date Modified	Username	Field	Change
2024-03-29 19:43	kali-bugreport	New Issue
2024-03-29 21:51	kali-bugreport	Note Added: 0019080
2024-03-29 23:03	Gamb1t	Note Added: 0019086
2024-03-29 23:03	Gamb1t	Assigned To	=> Gamb1t
2024-03-29 23:03	Gamb1t	Status	new => closed
2024-03-29 23:03	Gamb1t	Resolution	open => fixed

kali-bugreport 2024-03-29 21:51 reporter ~0019080	Upstream issue / discussion: https://github.com/tukaani-project/xz/issues/92

Gamb1t 2024-03-29 23:03 manager ~0019086	Thank you for the report, we were patched early this morning https://www.kali.org/blog/about-the-xz-backdoor/