• dan@upvote.au
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    9 months ago

    The malicious code attempts to hook in to libcrypto, so potentially other services that use libcrypto could be affected too. I don’t think extensive research has been done on this yet.

    SSH doesn’t even use liblzma. It’s pulling in the malicious code via libsystemd, which does use liblzma.

    Edit: “crypto” meaning cryptography of course, not cryptocurrency.