If you’re running version 5.6.0 or 5.6.1, downgrade immediately.

  • Saff@lemmy.ml
    link
    fedilink
    English
    arrow-up
    7
    ·
    8 months ago

    So I assume the malicious code is being removed and a version 5.6.2 without it will be released soon? Or is it more complex to solve and I’m being naive?

    • CoolYori [she/her]@hexbear.net
      link
      fedilink
      English
      arrow-up
      10
      ·
      edit-2
      8 months ago

      So the backdoor was not in the source code but in the system used to build the code. Devs for a long time now have swapped over to an automated build system and what happened with this one is in the last step for the xz build process it adds the backdoor to it. You simply have to remove the references to the data in the build config.

      EDIT: Rewrote a sentence that sounded stupid

    • FriendBesto@lemmy.ml
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      8 months ago

      Something like that. It should be patched shortly. Thank god for smart people and autists.