244
'Critical' vulnerability in OpenSSH uncovered, affects almost all Linux systems
(www.computing.co.uk)
this post was submitted on 01 Jul 2024
244 points (98.8% liked)
Linux
4781 readers
242 users here now
A community for everything relating to the linux operating system
Also check out !linux_memes@programming.dev
Original icon base courtesy of lewing@isc.tamu.edu and The GIMP
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Yes, targeted attacks like that definitely exist, most famously maybe the most recent social pressure to merge a vulnerability to the xz library by actor "Jia Tan":
https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/
This started a whole discussion about relying on (often unpaid) volunteer work for critical systems and the pressure and negativity these people face, which is a discussion that was absolutely needed, and which we are still lightyears away from fixing.
Currently, open source is still treated like this: https://trac.ffmpeg.org/ticket/10341
(I can only recommend reading the whole story around this issue, which boils down to Microsoft admitting they rely on an open source project for something they consider critical to their customers, but not willing to pay the maintainer a bounty for fixing the issue)