Hello,

As you probably have heard, a seriously compromised version of xz-utils and liblzma successfully made its way into Debian unstable and testing:

https://lists.debian.org/debian-security-announce/2024/msg00057.html
https://www.openwall.com/lists/oss-security/2024/03/29/4

According to our investigation, only a single machine of the cfarm has been using the compromised packages: cfarm421. As a remediation, we have updated the xz-utils packages on Fri Mar 29 17:23 UTC and rebooted the host.

Nobody seems to know yet what the malicious payload was doing exactly, except that it targeted sshd. If the malicious payload was allowing a specific SSH key from an attacker, it would have been hard to exploit because of the custom SSH port on cfarm421 and the relatively short timespan for exploitation (from 2024-03-18 to 2024-03-29). We have found no trace indicating that the system has been compromised.

If you have been connecting over SSH to cfarm421 since it was made available on the farm, you should be aware that you have connected to a sshd daemon that was running a malicious payload. We should hopefully learn in the coming days whether this is a serious problem or not.

Regards,
Baptiste, for the cfarm admin team
_______________________________________________
cfarm-users mailing list
cfarm-users@lists.tetaneutral.net
https://lists.tetaneutral.net/listinfo/cfarm-users