Follow
I love how the xz backdoor hinges on Poettering's Daemon in order to work.
The Register
Headline: "Malicious SSH backdoor sneaks into xz, Linux world's data compression library"
Byline: "Red Hat in all caps says STOP USAGE OF ANY FEDORA RAWHIDE INSTANCES"
https://www.theregister.com/2024/03/29/malicious_backdoor_xz/
The reply to this is a fair point: downgrade to a pre-5.6.0 version regardless. It's too soon to know if this exploit path is the only one present.
@arielmt Honestly, i'd say it's better to downgrade regardless.
Basically, if you have xz-5.6.0 or xz-5.6.1 installed on Linux, downgrade to an earlier version of xz.
If you use an older version of xz, don't use Linux, or somehow do use Linux *without* systemd, you should be fine.