LXer: Precautionary measures on Manjaro Testing Branch in context of CVE-2024-3094
by LXer from LinuxQuestions.org on (#6KX5Z)
Published at LXer:
Per https://forum.manjaro.org/t/xz-packa...lity/159028/26 Arch does not directly link openssh to liblzma, and thus this attack vector is not possible. You can confirm this by issuing the following command: $ ldd "$(command -v sshd)" . However, out of an abundance of caution, we advise users to remove the malicious code from their system by upgrading either way. This is because other yet-to-be discovered methods to exploit the backdoor could exist.i Arch Linux - News: The xz package has been backdoored
Read More...
Per https://forum.manjaro.org/t/xz-packa...lity/159028/26 Arch does not directly link openssh to liblzma, and thus this attack vector is not possible. You can confirm this by issuing the following command: $ ldd "$(command -v sshd)" . However, out of an abundance of caution, we advise users to remove the malicious code from their system by upgrading either way. This is because other yet-to-be discovered methods to exploit the backdoor could exist.i Arch Linux - News: The xz package has been backdoored
Read More...