The xz package that has already entered the current F40 pre-release versions/variants and rawhide contains malicious code. This does NOT affect users of the Fedora releases (F38, F39 are thus not affected), but all users who use already F40 pre-release versions/variants or rawhide shall read this: Article: CVE details: https://access.redhat.com/security/cve/CVE-2024-3094 Be aware that this is CVE criticality 10: this is the highest risk factor. Also be aware that the header of the RH arti...
I’m kinda hoping it was just that a state sponsored attacker showed up on their door and said “include this snippet or else…” otherwise it’s terrifying thinking of someone planning some long con like this
We are all relying on the honesty of a few overworked volunteers…
They could of been working for Russia or someone else
Or even a criminal organization.
I doubt it. Criminal organizations aren’t normally going around sabotaging things as that would shoot them in there own foot.