- cross-posted to:
- sysadmin@lemmy.world
- cross-posted to:
- sysadmin@lemmy.world
TL;DR there was a backdoor found in the XZ program. All major distros have been updated but it is recommended that you do a fresh install on systems that are exposed to the internet and that had the bad version of the program. Only upstream distros were affected.
I am not deep enough in it, but from the arch-announce mailinglist:
$(command -v sshd)
https://www.openwall.com/lists/oss-security/2024/03/29/4