linuxmemes

20483 readers

1093 users here now

I use Arch btw

Sister communities:

LemmyMemes: Memes
LemmyShitpost: Anything and everything goes.
RISA: Star Trek memes and shitposts

Community rules

Follow the site-wide rules and code of conduct
Be civil
Post Linux-related content
No recent reposts

Please report posts and comments that break these rules!

founded 1 year ago

MODERATORS

[email protected]

471

Arch with XZ (lemmy.world)

submitted 4 months ago by [email protected] to c/[email protected]

93 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 2 points 4 months ago (1 children)

In the case of Arch the backdoor also wasn't inserted into liblzma at all, because at build time there was a check to see if it's being built on a deb or rpm based system, and only inserts it in those two cases.

See https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27 for an analysis of the situation.

So even if Arch built their xz binaries off the backdoored tarball, it was never actually vulnerable.

[–] [email protected] 1 points 4 months ago

I just know there is a lot of uncertainty. Maybe a complete wipe is a over reaction but it is better to be safe