I accidentally found a security issue while benchmarking postgres changes.

If you run debian testing, unstable or some other more "bleeding edge" distribution, I strongly recommend upgrading ASAP.

openwall.com/lists/oss-securit

www.openwall.com: oss-security - backdoor in upstream xz/liblzma leading to ssh server compromise
Thomas

@AndresFreundTec what's really remarkable is that you've found the attack not through a functional analysis or formal review but with a sound software engineering approach: the Valgrind effect had been tinkered on - the CPU load impact, however, is a classical side channel usually only used for attack, not for defense. Kudos for making the role of good software engineering obvious for systems security!