Atemu@lemmy.ml to Linux@lemmy.ml · 7 months agobackdoor in upstream xz/liblzma leading to ssh server compromisewww.openwall.comexternal-linkmessage-square30fedilinkarrow-up132arrow-down10cross-posted to: selfhosted@lemmy.world
arrow-up132arrow-down1external-linkbackdoor in upstream xz/liblzma leading to ssh server compromisewww.openwall.comAtemu@lemmy.ml to Linux@lemmy.ml · 7 months agomessage-square30fedilinkcross-posted to: selfhosted@lemmy.world
minus-squareSavvyBeardedFish@reddthat.comlinkfedilinkEnglisharrow-up0·7 months agoArchlinux’s XZ was compromised as well. News post Git change for not using tarballs from source
minus-squareflying_sheep@lemmy.mllinkfedilinkarrow-up1·7 months agoNo, read the link you posted: Arch does not directly link openssh to liblzma, and thus this attack vector is not possible. You can confirm this by issuing the following command: ldd "$(command -v sshd)" However, out of an abundance of caution, we advise users to remove the malicious code from their system by upgrading either way.
Archlinux’s XZ was compromised as well.
News post
Git change for not using tarballs from source
No, read the link you posted: