Yes, indeed the backdoor code checks, in the event of ssh authentication with a certificate, that it was signed with a specific ssh private key (their own CA), the corresponding public key being hardcoded in the backdoor code.
But this project xzbot demonstrates how to patch the corrupted liblzma to replace the key
Oh thank you so much for these instructions I'll go through them on my computer.
I indeed wanted to know if the versions were still downloadable anywhere but if you can still install the correct liblzma version on any version of the distribution that works. I tried on a Debian VM on mac but with too little knowledge and it never run the correct liblzma
xzbot from Anthony Weems enables to patch the corrupted liblzma to change the private key used to compare it to the signed ssh certificate, so adding this to your instructions might enable me to demonstrate sshing into the VM :)
China is already communist
Taking things for granted on an open-source software without willing to do anything
I know it's a shipost and this meme is at least 15 years old. But meat, cheese, and white bread (especially the ones in the US with added sugar) were never healthy
That's being poly