CVE-2024-3094 - xz/liblzma backdoor starting with version 5.6.0

Sat, 30 Mar 2024 22:01:00
0 minutes, 52 seconds
Dan

backdoor in upstream xz/liblzma leading to ssh server compromise
CVE-2024-3094 Detail
Archlinux - The xz package has been backdoored

All servers have already been updated and tested. Everything is fine.

If you use Arch, test it as follows:

ldd /usr/sbin/sshd | grep -e libsystemd -e liblzma...
Continue Reading

Log4shell - Five Eyes published a scanner for everyone

Sun, 26 Dec 2021 10:42:00
1 minute, 21 seconds
Dan

Log4shell

As you may have heard, since December 9 there is a severe vulnerability called Log4shell (and other Log4j-related vulnerabilities) that affects a wide range of Java applications. The "Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI" library.

Scanners

Five Eye

...
Continue Reading