Daily Linux & Open Source News - S01E66 - Big backdoor in major Linux library
Added 2024-04-01 11:29:21 +0000 UTCHey everyone!
In today's episode, we have:
00:05 Popular XZ library has been compromised
https://linuxiac.com/debian-decided-to-postpone-the-12-6-release/
https://www.phoronix.com/news/GitHub-Disables-XZ-Repo
https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
https://www.phoronix.com/news/XZ-CVE-2024-3094
03:40 Plasma 6.1 will bring some nice stuff
https://pointieststick.com/2024/03/29/this-week-in-kde-looking-forward-towards-plasma-6-1/
https://invent.kde.org/plasma/plasma-workspace/-/merge_requests/4093
05:49 Servo web browser engine is making progress
https://www.phoronix.com/news/Servo-Web-Engine-March-2023
https://servo.org/blog/2024/03/30/tables-woff2-outreachy/
07:54 Notable new apps and updates
https://blogs.kde.org/2024/03/29/marknote-finally-released/
https://www.phoronix.com/news/Flowblade-2.14-Released
Have a nice day!
Comments
Potentially, but it could also be mitigated by building from source, more continuous integration tests, disallowing binary blobs, etc. Maybe. I'm a relative novice in this.
NotMyName
2024-04-02 12:40:00 +0000 UTCThis is potential area where AI might actually be useful, flagging suspicious commits, e.g. by detecting committed code that doesn't connect directly or indirectly to a supported and documented feature. I'm sure it will be challenging to implement, but much more worthwhile than generating videos with strange anatomy and physics.
Steve C
2024-04-01 16:40:10 +0000 UTCPretty scary stuff to have such a backdoor, I wonder if it's really the contributor who acted this way or if his or her account was hacked by someone else.
UsernamesAreHard
2024-04-01 13:32:30 +0000 UTC
