I love how the xz backdoor hinges on Poettering's Daemon in order to work.

The Register
Headline: "Malicious SSH backdoor sneaks into xz, Linux world's data compression library"
Byline: "Red Hat in all caps says STOP USAGE OF ANY FEDORA RAWHIDE INSTANCES"
theregister.com/2024/03/29/mal

Basically, if you have xz-5.6.0 or xz-5.6.1 installed on Linux, downgrade to an earlier version of xz.

If you use an older version of xz, don't use Linux, or somehow do use Linux *without* systemd, you should be fine.

Follow

The reply to this is a fair point: downgrade to a pre-5.6.0 version regardless. It's too soon to know if this exploit path is the only one present.

Sign in to participate in the conversation
Computer Fairies

Computer Fairies is a Mastodon instance that aims to be as queer, friendly and furry as possible. We welcome all kinds of computer fairies!