this post was submitted on 30 Mar 2024
305 points (89.6% liked)

Memes

45727 readers
1025 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] 30p87@feddit.de 22 points 7 months ago (11 children)

Arch isn't affected afaik, as it specifically targeted Debian and RPM. Also, sshd isn't linked against liblzma (or something along those lines). And I hope that's true, because otherwise, I had a backdoor on a public system for over a month.

[–] wildbus8979@sh.itjust.works 6 points 7 months ago (3 children)
[–] 30p87@feddit.de 7 points 7 months ago (1 children)

And as https://www.openwall.com/lists/oss-security/2024/03/29/4 says:

"These conditions include targeting only x86-64 linux: [...] Building with gcc and the gnu linker [...] Running as part of a debian or RPM package build:"

I'm not an expert of course.

[–] bravesilvernest@lemmy.ml 2 points 7 months ago

Holy shit that was a hell of a dive. And no wonder the dude got it working, he was just pounding those "test and translation" commits

load more comments (1 replies)
load more comments (8 replies)