How does the xz incident impacts the average user ? #xz - eviltoast

My mastodon feed is full of IT security specialist talking about the xz affair where someone let a backdoor in some library.

But beside showing the two side of Free/Libre software (anybody can add a backdoor, and anybody can spot it), I have no idea how it impacts the average person. Is it a common library or something used only by specific application ? Would my home-grade router protects me ?

  • NeatNit@discuss.tchncs.de
    link
    fedilink
    arrow-up
    1
    ·
    7 months ago

    Thank you! I believe this is what the OP was asking, and it’s definitely what I wanted to know :)

    Do we know what the payload is?

    • neatchee@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      7 months ago

      Arbitrary. It could be whatever they wanted at any time. This was a full on remote code execution (RCE) exploit. And baking it into an RSA key is pretty novel

      And you’re welcome :)