love is in the air?
ngn@lemy.lol to Memes@lemmy.ml · English · 7 months ago · image (lemy.lol) · 42 comments
30p87@feddit.de · 7 months ago
Arch isn’t affected afaik, as it specifically targeted Debian and RPM. Also, sshd isn’t linked against liblzma (or something along those lines). And I hope that’s true, because otherwise, I had a backdoor on a public system for over a month.
ReversalHatchery@beehaw.org · English · 7 months ago
> Also, sshd isn’t linked against liblzma
Not directly, but it’s loaded through systemd’s lib. It is there.
wildbus8979@sh.itjust.works · 7 months ago
https://archlinux.org/news/the-xz-package-has-been-backdoored/
HopFlop@discuss.tchncs.de · 7 months ago
Yeah but the backdoor does not work on Arch (as far as we currently know). It relies on a linking of libraries that Arch doesn’t do by default.
30p87@feddit.de · 7 months ago
And as https://www.openwall.com/lists/oss-security/2024/03/29/4 says:
“These conditions include targeting only x86-64 linux: […] Building with gcc and the gnu linker […] Running as part of a debian or RPM package build:”
I’m not an expert of course.
brvslvrnst@lemmy.ml · 7 months ago
Holy shit that was a hell of a dive. And no wonder the dude got it working, he was just pounding those “test and translation” commits
u/lukmly013 💾 (lemmy.sdf.org)@lemmy.sdf.org · English · edited · 7 months ago
And the packages on most distros should be long updated by now. Even Termux updated to 5.6.1+really5.4.5 just 2 hours after Arch Linux.
30p87@feddit.de · 7 months ago
I just updated all packages in Termux actually lol
u/lukmly013 💾 (lemmy.sdf.org)@lemmy.sdf.org · English · 7 months ago
What package manager is that?