Precautionary measures on Manjaro Testing Branch in context of CVE-2024-3094

Posted by dba477 on Apr 7, 2024 9:22 AM EDT
https://dbaxps.blogspot.com; By Boris Derzhavets 		Mail this story
Print this story

Per https://forum.manjaro.org/t/xz-package-contains-a-vulnerabil... Arch does not directly link openssh to liblzma, and thus this attack vector is not possible. You can confirm this by issuing the following command: $ ldd "$(command -v sshd)" . However, out of an abundance of caution, we advise users to remove the malicious code from their system by upgrading either way. This is because other yet-to-be discovered methods to exploit the backdoor could exist. – Arch Linux - News: The xz package has been backdoored

Full Story

  Nav
» Read more about: Story Type: Tutorial; Groups: Arch, Developer, Distributions

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.