The xz package has been backdoored

Forwarding this important piece of information from the Arch Linux news:

https://archlinux.org/news/the-xz-package-has-been-backdoored/

There is already a discussion thread in the Garuda Community space with more information:

This mostly concerns people using SSH to access their systems.

TLDR: update your systems now!

19 Likes

For those who did not quite understand how the vulnerability or rather the backdoor was introduced in the xz repo this video does a good job explaining it.

9 Likes