linuxmemes

20751 readers

1107 users here now

I use Arch btw

Sister communities:

LemmyMemes: Memes
LemmyShitpost: Anything and everything goes.
RISA: Star Trek memes and shitposts

Community rules

Follow the site-wide rules and code of conduct
Be civil
Post Linux-related content
No recent reposts

Please report posts and comments that break these rules!

founded 1 year ago

MODERATORS

[email protected]

473

Arch with XZ (lemmy.world)

submitted 5 months ago by [email protected] to c/[email protected]

93 comments fedilink hide all child comments

(page 2) 45 comments

sorted by: hot top controversial new old

[–] [email protected] 4 points 5 months ago* (last edited 5 months ago)

I just did: "rm -rf xz"

pacman -Syu
find / -name "*xz*"  | sort | grep -e '\.xz$' | xargs -o -n1 rm -i 
pacman -Qqn | pacman -S -

(and please, absolutely don't run above as root. Just don't.) I carefully answered to retain any root owned files and my backups, despite knowing the backdoor wasn't included in the culprit package. This system has now "un-trusted" status, meaning I'll clean re-install the OS, once the full analysis of the backdoor payload is available.

Edit: I also booted the "untrusted" system without physical access to the web, no gui, and installed the fixed package transferred to it locally. (that system is also going to be dd if=/dev/zero'd)

[–] [email protected] 1 points 5 months ago

QubesOS uses debian and fedora

[–] [email protected] 1 points 5 months ago

I'm fairly sure NixOS Unstable also has it.

[–] [email protected] 1 points 5 months ago

Fedora got hit too.

[–] [email protected] 1 points 5 months ago

Me, using arch and fedora 40 beta, just ignoring it

load more comments