PLEASE. I keep seeing it in memes. As I understand it the latest version of the xz package (present in rolling release distros like Arch and SUSE Tumbleweed) has “a backdoor”, but I have no earthly clue what can be done by malicious folks with access to that backdoor or if I should be afraid or how to check if my distro is compromised or how to prevent damage if it is or (…)

  • LinkA
    link
    fedilink
    English
    arrow-up
    2
    ·
    9 months ago

    What if you had the service enabled on an Arch based distro?

    • theit8514@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      9 months ago

      Each distribution is different but Arch has stated that they did have the exploit artifact in their version of xz but the artifact was not loaded into memory with sshd as their process does not link sshd with liblzma library.

      More details below but highly recommend upgrade/downgrade anyways to remove the exploit code version.

      https://archlinux.org/news/the-xz-package-has-been-backdoored/