Backdoor found in widely used Linux utility

Associate
Joined
19 Oct 2002
Posts
303
Location
The Faithful City
A lot to be said about using a LTS build. Checked my installs this morning and most are still on 5.4.1 (affected version is 5.6).

LTS, stable and testing. This got caught in testing, so at least shows the system works.
 
Soldato
Joined
15 Sep 2009
Posts
2,886
Location
Manchester

More info, i've not had time to read through it yet.

I don't disagree with the article from a skim, but I think people seem to be underestimating how skilled an attack vector was, someone who had built up trust and contributed for multiple years, very skilled injection via various obfuscations, if anything to me it shows the non-fragility of open source because people can review the details whereas closed source they can't.
 
Back
Top Bottom