|
|
Per https://forum.manjaro.org/t/xz-package-contains-a-vulnerability/159028/26
Arch does not directly link openssh to liblzma, and thus this attack vector is not possible. You can confirm this by issuing the following command: $ ldd "$(command -v sshd)" . However, out of an abundance of caution, we advise users to remove the malicious code from their system by upgrading either way. This is because other yet-to-be discovered methods to exploit the backdoor could exist.
– Arch Linux - News: The xz package has been backdoored
|
|
Full Story |