this post was submitted on 30 Mar 2024
471 points (84.3% liked)

[–] [email protected] 117 points 4 months ago (2 children)

Incorrect: the backdoored version was originally discovered by a Debian sid user on their system, and it presumably worked. On Arch it's questionable since they don't link sshd with liblzma (although some say some kind of a cross-contamination may be possible via a patch used to support some systemd thingy, and systemd uses liblzma). Also, probably the rolling openSUSE, and mb Ubuntu. Also nixos-unstable, but it doesn't pass the argv[0] requirements and also doesn't link liblzma. Also, Fedora.

Btw, https://security.archlinux.org/ASA-202403-1
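An added example, not part of the thread: the comment above turns on whether sshd pulls in liblzma at all, and whether it does so directly or only through libsystemd. This sketch classifies that from `readelf -d` and `ldd` output; the function names and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify how a binary reaches liblzma.

# Print DT_NEEDED library names from `readelf -d` output on stdin.
needed_libs() { sed -n 's/.*(NEEDED).*\[\(.*\)\]/\1/p'; }

# classify_lzma READELF_TEXT LDD_TEXT -> direct | transitive | none
#   direct:     the binary itself lists liblzma as NEEDED
#   transitive: liblzma is loaded only via another library (e.g. libsystemd)
classify_lzma() {
  if printf '%s\n' "$1" | needed_libs | grep -q '^liblzma\.so'; then
    echo direct
  elif printf '%s\n' "$2" | grep -q 'liblzma\.so'; then
    echo transitive
  else
    echo none
  fi
}

# Constructed sample: sshd built with a libsystemd patch.
PATCHED_NEEDED=' 0x0000000000000001 (NEEDED)  Shared library: [libsystemd.so.0]
 0x0000000000000001 (NEEDED)  Shared library: [libcrypto.so.3]'
PATCHED_LDD='  libsystemd.so.0 => /lib/libsystemd.so.0 (0x00007f0000000000)
  liblzma.so.5 => /lib/liblzma.so.5 (0x00007f0000100000)'

# Constructed sample: sshd built without libsystemd.
PLAIN_NEEDED=' 0x0000000000000001 (NEEDED)  Shared library: [libcrypto.so.3]'
PLAIN_LDD='  libcrypto.so.3 => /lib/libcrypto.so.3 (0x00007f0000000000)'

# Run the same classification against a real binary on this host.
check_binary() {
  classify_lzma "$(readelf -d "$1" 2>/dev/null)" "$(ldd "$1" 2>/dev/null)"
}

echo "patched sample: $(classify_lzma "$PATCHED_NEEDED" "$PATCHED_LDD")"
echo "plain sample:   $(classify_lzma "$PLAIN_NEEDED" "$PLAIN_LDD")"

# Assumption: sshd is on PATH or at /usr/sbin/sshd; skipped otherwise.
sshd_path=$(command -v sshd 2>/dev/null || echo /usr/sbin/sshd)
if [ -x "$sshd_path" ]; then
  echo "$sshd_path: $(check_binary "$sshd_path")"
fi
```

A result of `none` only describes linkage; whether the installed xz package is an affected build is answered by the distribution's advisory, such as the one linked above.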

[–] [email protected] 17 points 4 months ago

Sid was that dickhead in Toy Story that broke the toys.

If you're running Debian sid and not expecting it to be a buggy insecure mess, then you're doing Debian wrong.

[–] [email protected] 5 points 4 months ago (2 children)

Fedora and Debian were affected in the beta/dev branch only, unlike Arch

[–] [email protected] 4 points 4 months ago

Unlike Arch that has no "stable". Yap, sure; idk what it was supposed to mean, tho.

[–] [email protected] 2 points 4 months ago

Yes, but though Arch had the compromised package, it appears the package didn't actually compromise Arch because of how both Arch and the attack were set up.