techzine

xz backdoor shows how vulnerable open-source is to hackers playing the long game

A security leak in the Linux compression tool xz shows open-source systems’ vulnerability to multi-year infiltration tactics by “trusted” contributors. In this case, the culprits added malicious code ...
GIGAZINE

Security company Kaspersky explains how the backdoor of the compression tool 'XZ Utils' used in Linux environments is embedded

XZ is a compression tool used in many Linux distributions, and this time the attack specifically targeted the OpenSSH server process 'sshd.' In distributions such as 'Ubuntu,' 'Debian,' and ...
GitHub

luau-project/lua-xz

For this example, we compress the README.md file of this project, which might even become larger than the original due its small size. In the end of the script execution, a file named README.md.lzma ...
GitHub

xz: (stdin): Unsupported type of integrity check; not verifying file integrity

After some troubleshooting, I found this issue (#3554) and followed a similar approach by upgrading xz. Instead of the version mentioned in the issue, I installed the latest xz version (v5.8.1) from ...