A very interesting supply chain vulnerability has been found in SSH. It’s been contained and would only affect users recent dev releases or distros that closely track upstream (e.g., Kali or Debian Sid).
I won’t repeat what’s already been written about it. Tom Lawrence has a really good treatment of it here along with links to source material.
I won’t repeat what’s already been written about it. Tom Lawrence has a really good treatment of it here along with links to source material.