this post was submitted on 30 Mar 2024
473 points (84.3% liked)

linuxmemes

21226 readers
89 users here now

Hint: :q!

Sister communities:

Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack members of the community for any reason.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
    • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn. Even if you watch it on a Linux machine.
    • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.

    • Please report posts and comments that break these rules!

    founded 1 year ago
    MODERATORS
    poopsmith@lemmy.world
    zephyr@lemmy.world
    rtxn@lemmy.world
    473
    Arch with XZ (lemmy.world)
    submitted 7 months ago by qwioeue@lemmy.world to c/linuxmemes@lemmy.world
    93 comments fedilink hide all child comments
     
    you are viewing a single comment's thread
    view the rest of the comments
    [–] fl42v@lemmy.ml 117 points 7 months ago (2 children)

    Incorrect: the backdoored version was originally discovered by a Debian sid user on their system, and it presumably worked. On arch it's questionable since they don't link sshd with liblzma (although some say some kind of a cross-contamination may be possible via a patch used to support some systemd thingy, and systemd uses liblzma). Also, probably the rolling opensuse, and mb Ubuntu. Also nixos-unstalbe, but it doesn't pass the argv[0] requirements and also doesn't link liblzma. Also, fedora.

    Btw, https://security.archlinux.org/ASA-202403-1

    [–] SpaceCowboy@lemmy.ca 17 points 7 months ago

    Sid was that dickhead in Toystory that broke the toys.

    If you're running debian sid and not expecting it to be a buggy insecure mess, then you're doing debian wrong.

    [–] mexicancartel@lemmy.dbzer0.com 5 points 7 months ago (2 children)

    Fedora and debian was affected in beta/dev branch only, unlike arch

    [–] fl42v@lemmy.ml 4 points 7 months ago

    Unlike arch that has no "stable". Yap, sure; idk what it was supposed to mean, tho.

    [–] milicent_bystandr@lemm.ee 2 points 7 months ago

    Yes, but Arch, though it had the compromised package, it appears the package didn't actually compromise Arch because of how both Arch and the attack were set up.