Precautionary measures on Manjaro Testing Branch in context of CVE-2024-3094

Posted by dba477 on Apr 7, 2024 7:22 AM
By https://dbaxps.blogspot.com
Mail this story
Web version

Per https://forum.manjaro.org/t/xz-package-contains-a-vulnerability/159028/26 Arch does not directly link openssh to liblzma, and thus this attack vector is not possible. You can confirm this by issuing the following command: $ ldd "$(command -v sshd)" . However, out of an abundance of caution, we advise users to remove the malicious code from their system by upgrading either way. This is because other yet-to-be discovered methods to exploit the backdoor could exist. – Arch Linux - News: The xz package has been backdoored

Full Story

Printed at http://lxer.com/module/newswire/view/339565/index.html