PLEASE. I keep seeing it in memes. As I understand it the latest version of the xz package (present in rolling release distros like Arch and SUSE Tumbleweed) has “a backdoor”, but I have no earthly clue what can be done by malicious folks with access to that backdoor or if I should be afraid or how to check if my distro is compromised or how to prevent damage if it is or (…)

  • jonne@infosec.pub
    link
    fedilink
    English
    arrow-up
    4
    ·
    9 months ago

    Maybe initially, when nobody knew about it. I bet it’ll be reverse engineered and filtered down to script kiddies soon, if it hasn’t already. If your server is affected, you should definitely fix it or even reinstall.