URGENT! XZ pkg compromized

Colin · 31 March 2024 23:36

Will an update via Garuda Update be forthcoming?

BluishHumility · 31 March 2024 23:52

@Colin if you are up to date, you are already on the “safe” version. Note that the desired version is a “-2”, as in “5.6.1-2” (not to be mistaken for “5.6.2”).

pacman -Q xz
xz 5.6.1-2

You can also rest assured that your system is not vulnerable to the known exploit, no matter what version is in use. Arch Linux - News: The xz package has been backdoored

Colin · 31 March 2024 23:59

I’m up to date:

pacman -Q xz
xz 5.6.1-2

Thanks for the info.

Colin · 1 April 2024 23:56

This is a valid point…

mad · 2 April 2024 16:44

There was a new update, we should be extra safe now, I presume

pacman -Q xz
xz 5.6.1-3

system · 16 April 2024 16:44

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.