Arch Linux

7668 readers

1 users here now

The beloved lightweight distro

founded 4 years ago

MODERATORS

[email protected]

369

The xz package has been backdoored, you need to update your system now (archlinux.org)

submitted 6 months ago by [email protected] to c/[email protected]

44 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 5 points 6 months ago (1 children)

I am a brand new debian user, with debian running on two active laptops (mine and my daughter's). Is this something I need to be concerned about and if so, what do I do?

Literally first week or two of use and still quite lost trying to get used to the massive difference from Windows.

[–] [email protected] 18 points 6 months ago (1 children)

If you're on Debian stable, you don't need to worry too much. This attack is actually targeted at Debian and Debian-based systems, but Debian is slow to update packages to make sure everything is stable. Thanks to this, Debian stable never updated with the infected package.

If you were on one of the Debian testing updates though your system is in danger. The other concern is that the bad user who pushed this backdoor has been providing code updates for two years. Seemingly these other updates were legitimate to get him in position to sneak in this backdoor, but there is a chance that he has already snuck in some other kind of backdoor that hasn't yet been identified and that could be present on your system.

For the time being, you're probably ok and we just need to wait to see if any other backdoors are found in the code.

[–] [email protected] 1 points 6 months ago

Okay, thank you very much.