• black0ut
    link
    fedilink
    arrow-up
    34
    arrow-down
    1
    ·
    9 months ago

    If you use Arch, you aren’t really affected. As far as we know, the backdoor only affects SSH if it is linked against liblzma, which is a requirement for libsystemd. However, Arch doesn’t use that, so SSH has probably been safe. However, you should still update, because we don’t know if the backdoor could’ve been used in other ways.

    Note that if you update, xz 5.6.1-2 will be installed. This is a safe version. However, if you run xz --version, it will still report version 5.6.1.