RedHat reported a 10/10 vulnerability in the xz compression library.
The vulnerability provides remote backdoor access and present in xz 5.6.0 and 5.6.1.
There’s also an interesting discussion of this vulnerability on HackerNews:
annoying - the apparent author of the backdoor was in communication with me over several weeks trying to get xz 5.6.x added to Fedora 40 & 41 because of its "great new features".
#security
>>Click here to continue<<