TL;DR there was a backdoor found in the XZ program. All major distros have been updated but it is recommended that you do a fresh install on systems that are exposed to the internet and that had the bad version of the program. Only upstream distros were affected.

  • poVoq@slrpnk.net
    link
    fedilink
    arrow-up
    42
    ·
    8 months ago

    This was basically a lucky catch. Sadly makes you wonder how many backdoors like that have not been found (yet). Never the less the distro model of not feeding in upstream binaries directly is an important part of the multi-barrier security.

    • Possibly linuxOP
      link
      fedilink
      English
      arrow-up
      8
      ·
      edit-2
      8 months ago

      One still could hide something in source code. I think we need to just be more security aware in general. Having source code isn’t useful if someone deliberately put a security hole in it