this post was submitted on 30 Mar 2024
73 points (100.0% liked)

technology

22835 readers
1 users here now

On the road to fully automated luxury gay space communism.

Spreading Linux propaganda since 2020

Rules:

founded 4 years ago
MODERATORS
 

If you're running version 5.6.0 or 5.6.1, downgrade immediately.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 6 points 7 months ago* (last edited 7 months ago)

The only people who will have this vulnerability AFAIK (and have it be actionable with the ssh backdoor) are folks running Debian unstable on a ssh server. The shitty part about this is a rupture in trust for the maintainers at xz.

Honestly, the attacker picked a really shitty time frame considering their payload isn't in any important point releases where they could have the most effect.