[kwlug-disc] Fw: Backdoor found in widely used Linux utility

[Khalid Baheyeldin]

Here is a detailed description of the exploit from the guy who discovered it.

https://lwn.net/ml/oss-security/20240329155126.kjjfduxw2yrlxgzm@awork3.anarazel.de/

It is very nefarious: obfuscated code that pretends to be testing in
make files and such, containing obfuscated shell code that inject the
malicious code.

In my case, I am still on Ubuntu 22.04, and the version of the
liblzma5 is 5.2.5, which is a few versions behind 5.6.