Discussion:
malware backdoor in very latest linux
(too old to reply)
Ozix
2024-03-30 02:32:03 UTC
Permalink
https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
Also in Suse Tumbleweed and other such rolling/testing distros.
noel
2024-03-30 10:01:34 UTC
Permalink
Post by Ozix
https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-
rawhide-users
Post by Ozix
Also in Suse Tumbleweed and other such rolling/testing distros.
of course your likely safe if using a non systemd distro, slackware is
free of it because it doesnt use the virus worse then covid - systemd.

of course also the obvious...
always sign packages and their checksum files with a secure gpg key
d/l'rs always check the signing, checksums meh they only confirm your d/l
is complete, not like this mess an archiver psackage (xv) has been r00ted
especially if your distro packager :P
Ozix
2024-03-31 00:20:28 UTC
Permalink
Post by Ozix
Post by Ozix
https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-
rawhide-users
Post by Ozix
Also in Suse Tumbleweed and other such rolling/testing distros.
of course your likely safe if using a non systemd distro, slackware is
free of it because it doesnt use the virus worse then covid - systemd.
of course also the obvious...
always sign packages and their checksum files with a secure gpg key
d/l'rs always check the signing, checksums meh they only confirm your d/l
is complete, not like this mess an archiver psackage (xv) has been r00ted
especially if your distro packager :P
xckd did a cartoon about about global digital infrastructure being
dependent on some code maintained by a single person:
https://xkcd.com/2347/
Computer Nerd Kev
2024-03-31 00:46:20 UTC
Permalink
Post by Ozix
Post by Ozix
https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-
rawhide-users
Post by Ozix
Also in Suse Tumbleweed and other such rolling/testing distros.
of course your likely safe if using a non systemd distro, slackware is
free of it because it doesnt use the virus worse then covid - systemd.
Yes the SSH vulnerability only works a result of patches done by
distros for Systemd support in openSSH.
Post by Ozix
of course also the obvious...
always sign packages and their checksum files with a secure gpg key
d/l'rs always check the signing, checksums meh they only confirm your d/l
is complete, not like this mess an archiver psackage (xv) has been r00ted
especially if your distro packager :P
True, but here it was a trusted developer of XZ Utils who put in
the backdoor code, and they actually had the key to sign releases
as authentic. So signed checksums can't help in a case like this.
--
__ __
#_ < |\| |< _#
noel
2024-04-01 01:13:33 UTC
Permalink
Post by noel
always sign packages and their checksum files with a secure gpg key
d/l'rs always check the signing, checksums meh they only confirm your
d/l is complete, not like this mess an archiver psackage (xv) has been
r00ted especially if your distro packager :P
True, but here it was a trusted developer of XZ Utils who put in the
backdoor code, and they actually had the key to sign releases as
authentic. So signed checksums can't help in a case like this.
Indeed, although that information was not available before I posted
that :)

Loading...