For all those wanting to know what version of the xz package you have, DO NOT use
xz -Vorxz --version. Ask your package manager instead; e.g.apt info xz-utils. Executing a potentially malicious binary IS NOT a good idea, so ask your package manager instead.So if I have been using arch with infected xz library to connect to a Debian LTS server, am I compromised?
From what I’ve read both arch and debian stable aren’t vulnerable to this. It targeted mostly debian-testing.
Arch put out a statement saying users should update to a non infected binary even though it doesn’t appear to affect Arch https://archlinux.org/news/the-xz-package-has-been-backdoored/
However, out of an abundance of caution, we advise users to remove the malicious code from their system by upgrading either way. This is because other yet-to-be discovered methods to exploit the backdoor could exist.
deleted by creator
I need the IASIP meme for this thumbnail
Here is an alternative Piped link(s):
https://piped.video/watch?v=gyOz9s4ydho
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
Anyone got a link for this topic that isn’t a video?
