💭 Arch Linux - News: The xz package has been backdoored
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

!https://archlinux.org/news/the-xz-package-has-been-backdoored/

Date: April 16, 2024

Arch Linux - News: The xz package has been backdoored archlinux.org

Check your system to see if you are vulnerable to the xz backdoor.

I found this line most pertanent to me.

[38;2;248;248;242m│ [0mThe xz packages prior to version 5.6.1-2 (specifically 5.6.0-1 and 5.6.1-1) contain this backdoor.

Also it appears that arch is not vulnerable as it does not directly link openssh to liblzma, so the known attack vecotor is not possible. read to the end of the linked article for more.

[38;2;68;71;90mNOTE[0m
[38;2;68;71;90m│ [0mThis post is a [4m[38;2;248;248;242mthought[0m <[38;2;248;248;242m/thoughts/[0m>. It’s a short note that I make about someone else’s content online #thoughts