mFat@lemdro.id to Linux@lemmy.mlEnglish · 9 months agoUnveiling the xz Utils Backdoor which deliberately opens our SSH connections for RCAswww.youtube.comexternal-linkmessage-square15fedilinkarrow-up1128arrow-down116
arrow-up1112arrow-down1external-linkUnveiling the xz Utils Backdoor which deliberately opens our SSH connections for RCAswww.youtube.commFat@lemdro.id to Linux@lemmy.mlEnglish · 9 months agomessage-square15fedilink
minus-squareGoku@lemmy.worldlinkfedilinkarrow-up5·edit-29 months agoSo if I have been using arch with infected xz library to connect to a Debian LTS server, am I compromised?
minus-squarecybersandwich@lemmy.worldlinkfedilinkarrow-up9·9 months agoAssume yes until you can prove otherwise.
minus-squareTwiddleTwaddle@lemmy.blahaj.zonelinkfedilinkarrow-up6·9 months agoFrom what I’ve read both arch and debian stable aren’t vulnerable to this. It targeted mostly debian-testing.
minus-squareIrate1013@lemmy.mllinkfedilinkarrow-up3·9 months agoArch put out a statement saying users should update to a non infected binary even though it doesn’t appear to affect Arch https://archlinux.org/news/the-xz-package-has-been-backdoored/ However, out of an abundance of caution, we advise users to remove the malicious code from their system by upgrading either way. This is because other yet-to-be discovered methods to exploit the backdoor could exist.
minus-squarePossibly linux@lemmy.ziplinkfedilinkEnglisharrow-up1·edit-29 months agoI would pay attention to the news. You definitely want to upgrade immediately if you have not already
So if I have been using arch with infected xz library to connect to a Debian LTS server, am I compromised?
Assume yes until you can prove otherwise.
From what I’ve read both arch and debian stable aren’t vulnerable to this. It targeted mostly debian-testing.
Arch put out a statement saying users should update to a non infected binary even though it doesn’t appear to affect Arch https://archlinux.org/news/the-xz-package-has-been-backdoored/
deleted by creator
deleted by creator
I would pay attention to the news. You definitely want to upgrade immediately if you have not already