In the latest liblzma update, a trusted bad actor called 'JiaT75' implemented a backdoor which allows RCE (sending calls to system()) on ssh connections. Her...
For all those wanting to know what version of the xz package you have, DO NOT use xz -V or xz --version. Ask your package manager instead; e.g. apt info xz-utils. Executing a potentially malicious binary IS NOT a good idea, so ask your package manager instead.
For all those wanting to know what version of the xz package you have, DO NOT use
xz -Vorxz --version. Ask your package manager instead; e.g.apt info xz-utils. Executing a potentially malicious binary IS NOT a good idea, so ask your package manager instead.