●● IRC: #techbytes @ Techrights IRC Network: Sunday, March 31, 2024 ●●
● Mar 31
[02:47] *parsifal has quit (Quit: Leaving)
● Mar 31
[03:31] *jacobk has quit (Ping timeout: 2m30s)
● Mar 31
[08:46] *x-amarsh04 has quit (Quit: Konversation terminated!)
[08:53] *x-amarsh04 (~amarsh04@qezxp5nudz5uq.irc) has joined #techbytes
● Mar 31
[10:25] schestowitz[TR2] This evening, I had a delightful discussion about programming language design. It was noted that some programming languages like C use curly braces. The curly braces have semantic meanings. In C, JavaScript, and other languages, curly braces denote a block of code. A block of code is a sequence of commands that are enclosed within a particular context. Consider the following code:
[10:45] schestowitz[TR2] The combination of this and patches made by some distributions to the interactions between liblzma, libsystemd, and sshd has resulted in a situation where an attacker can compromise a system by sending a malicious payload to an sshd server.
[10:45] schestowitz[TR2] We are lucky. This only affects AMD64 Linux systems. Currently, incomplete analysis of the vulnerability suggests that this only targets a specific RSA function used in sshd. The exploit is in the wild. This is also a very new version of xz/liblzma, so it is not widely deployed yet. This is also unlikely to affect anything other than Glibc (because of glibc IFUNC support), so if you use musl or another libc implementation, you are likely safe.
[10:45] schestowitz[TR2] If you are using a distribution that has not yet released xz 5.6.0 or 5.6.1, you are likely safe.
[11:13] schestowitz[TR2] The Mini Pini is a Wi-Fi 6 radio module designed to meet the challenges of demanding wireless environments. This product leverages Qualcomm's advanced QCN9074/72 chipset, ensuring efficient and reliable wireless performance across a variety of applications including industrial settings.