Unveiling the xz Utils Backdoor which deliberately opens our SSH connections for RCAsmFat@lemdro.id to Linux@lemmy.ml – 110 points – 3 months agoyoutube.com14Post a CommentPreviewYou are viewing a single commentView all commentsShow the parent commentFrom what I've read both arch and debian stable aren't vulnerable to this. It targeted mostly debian-testing.Arch put out a statement saying users should update to a non infected binary even though it doesn’t appear to affect Arch https://archlinux.org/news/the-xz-package-has-been-backdoored/ However, out of an abundance of caution, we advise users to remove the malicious code from their system by upgrading either way. This is because other yet-to-be discovered methods to exploit the backdoor could exist. 2 more...
From what I've read both arch and debian stable aren't vulnerable to this. It targeted mostly debian-testing.Arch put out a statement saying users should update to a non infected binary even though it doesn’t appear to affect Arch https://archlinux.org/news/the-xz-package-has-been-backdoored/ However, out of an abundance of caution, we advise users to remove the malicious code from their system by upgrading either way. This is because other yet-to-be discovered methods to exploit the backdoor could exist. 2 more...
Arch put out a statement saying users should update to a non infected binary even though it doesn’t appear to affect Arch https://archlinux.org/news/the-xz-package-has-been-backdoored/ However, out of an abundance of caution, we advise users to remove the malicious code from their system by upgrading either way. This is because other yet-to-be discovered methods to exploit the backdoor could exist.
From what I've read both arch and debian stable aren't vulnerable to this. It targeted mostly debian-testing.
Arch put out a statement saying users should update to a non infected binary even though it doesn’t appear to affect Arch https://archlinux.org/news/the-xz-package-has-been-backdoored/