Critical Linux Vulnerability Found in xz Package Allows Malicious Code Execution
- Huge SSH login vulnerability found in xz Linux package versions 5.6.0 and 5.6.1
- Exploit allows malicious code execution via complex obfuscation in build process
- Received max 10 CVS severity score and Red Hat critical rating
- Dubbed vulgar name and inverted Heartbleed logo by community
- Recommend downgrade to 5.4.6 or disable public SSH servers on affected distros