TL;DR there was a backdoor found in the XZ program. All major distros have been updated but it is recommended that you do a fresh install on systems that are exposed to the internet and that had the bad version of the program. Only upstream distros were affected.

  • RegalPotoo@lemmy.world
    8 months ago

    The reason openssh links liblzma in the first place is to enable a systemd feature, so naturally “systemd bad, its proximity to a security issue is yet more proof that a pile of shell scripts in a trenchcoat is a superior init system” etc.