• Doombot1@lemmy.one
    link
    fedilink
    arrow-up
    17
    ·
    8 months ago

    ELI5 what does this mean for the average Linux user? I run a few Ubuntu 22.04 systems (yeah yeah, I know, canonical schmanonical) - but they aren’t bleeding edge, so they shouldn’t exhibit this vulnerability, right?

    • kbal@fedia.io
      link
      fedilink
      arrow-up
      21
      arrow-down
      3
      ·
      8 months ago

      The average user? Nothing. Mostly it just affects those who get the newest versions of everything.

      • flying_sheep@lemmy.ml
        link
        fedilink
        arrow-up
        4
        ·
        8 months ago

        In this case I think that’s just Fedora and Debian Sid users or so.

        The backdoor only activates during DEB or RPM builds, and was quickly discovered so only rolling release distros using either package format were affected.

      • 0xtero@beehaw.org
        link
        fedilink
        arrow-up
        1
        ·
        8 months ago

        It mostly affects/targets the build systems of binary distros - infecting their build machines with this would result in complete compromise of released distro down the line.

    • rotopenguin@infosec.pub
      link
      fedilink
      English
      arrow-up
      17
      ·
      8 months ago

      apt info xz-utils

      Your version is old as balls. Even if you were on Mantic, it would still be old as balls.