this post was submitted on 31 Mar 2024
83 points (95.6% liked)

Explain Like I'm Five


PLEASE. I keep seeing it in memes. As I understand it the latest version of the xz package (present in rolling release distros like Arch and SUSE Tumbleweed) has "a backdoor", but I have no earthly clue what can be done by malicious folks with access to that backdoor or if I should be afraid or how to check if my distro is compromised or how to prevent damage if it is or (...)

[–] [email protected] 5 points 7 months ago (1 children)

While the full extent of the exploit is not fully known, it seems specifically targeted at the sshd binary on deb and rpm based systems. If you've got that service disabled it should not have been running actively on your system. You should still perform whatever is needed to downgrade, but I would say you're in the clear.

[–] [email protected] 2 points 7 months ago (1 children)

What if you had the service enabled on an Arch based distro?

[–] [email protected] 1 points 7 months ago

Each distribution is different, but Arch has stated that they did have the exploit artifact in their version of xz, but the artifact was not loaded into memory with sshd, as their process does not link sshd with the liblzma library.

More details below, but I highly recommend upgrading/downgrading anyway to remove the exploit code version.

https://archlinux.org/news/the-xz-package-has-been-backdoored/
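
The distinction the last comment draws (whether sshd links liblzma, and whether a running sshd has it loaded) can be checked locally; this is an added example, not part of the thread or of Arch's advisory. The function names and the two sample `ldd` listings are constructed for illustration, and reading `/proc/<pid>/maps` for sshd needs root.

```shell
#!/bin/sh
# Constructed sample `ldd` listings: one sshd that resolves liblzma, one that does not.
SAMPLE_LDD_LINKED='    libsystemd.so.0 => /usr/lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f0000000000)
    liblzma.so.5 => /usr/lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f0000100000)'
SAMPLE_LDD_UNLINKED='    libcrypto.so.3 => /usr/lib/libcrypto.so.3 (0x00007f0000000000)
    libc.so.6 => /usr/lib/libc.so.6 (0x00007f0000200000)'

# Read `ldd` output or /proc/<pid>/maps content on stdin and print each distinct
# liblzma path found. Returns 0 if at least one was found, 1 otherwise.
liblzma_paths() {
    lzma_hits=$(grep -oE '/[^[:space:]]*liblzma\.so[^[:space:]]*' | sort -u)
    [ -n "$lzma_hits" ] && printf '%s\n' "$lzma_hits"
}

# On-disk view: libraries the loader resolves for sshd, transitive ones included.
# Returns 2 when no sshd binary can be found.
sshd_links_liblzma() {
    sshd_bin="${1:-$(command -v sshd || echo /usr/sbin/sshd)}"
    [ -x "$sshd_bin" ] || return 2
    ldd "$sshd_bin" 2>/dev/null | liblzma_paths
}

# In-memory view: is liblzma mapped into any running sshd process?
sshd_maps_liblzma() {
    for sshd_pid in $(pgrep -x sshd 2>/dev/null); do
        [ -r "/proc/$sshd_pid/maps" ] || continue
        liblzma_paths < "/proc/$sshd_pid/maps" && return 0
    done
    return 1
}

sshd_liblzma_report() {
    sshd_links_liblzma "$@"
    case $? in
        0) echo "sshd resolves liblzma when it is loaded" ;;
        1) echo "liblzma is not among the libraries sshd resolves" ;;
        *) echo "sshd binary not found" ;;
    esac
    if sshd_maps_liblzma; then
        echo "a running sshd has liblzma mapped"
    else
        echo "no readable running sshd process has liblzma mapped"
    fi
}

# Run the live check only when asked: sh check.sh run [path-to-sshd]
if [ "${1:-}" = "run" ]; then shift; sshd_liblzma_report "$@"; fi
```

A "not linked" result only says the library was not reachable through sshd; the package still needs the upgrade/downgrade the comment recommends.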