Hm as long as my gerbil can’t reach the desk, I’m safe I guess 
… but yeah chances are that stuff like this will be found more regularly with growing interest on linux.
And in case of ssh sessions, if anyone, who shouldn’t, gains access into a ssh session, there are many other possibilities for privilege escalation.
So from reading that, I guess Arch isn’t vulnerable to the PAM vulnerability since it calls pam_env at the bottom of the stack?
Ahh…there really shouldn’t be. If a non-privileged user can escalate privs simply by having ssh access that would put servers at significant risk. Since most of the internet runs on Linux servers, that would be a pretty big issue.
It is … that’s why you should always stay up to date. An unprivileged user using an ssh session on a foreign system knows what to look for.
Maybe I should have added “potential vulnerabilities” in my first post.
Yeah, it’s been a target on servers for a long time, but increasing exposure on the desktop will bring a whole new class of vulnerability. I also expect social engineering attacks against Linux users to increase as it becomes more of a worthy desktop target.
I wonder if a new industry of anti-virus software specifically for Linux will happen now.
I did wonder about Arch’s vulnerability because it wasn’t specifically mentioned.
Got new updates for libblockdev, udisks and pam this morning (2025-06-19 07:00 UTC) in Linux Mint.
How can I check in EOS/Arch? Pacman surely has some upgrade history?
cat /var/log/pacman.log
Cheers. So just “normal”, no systemd or journalctl “special”.
I don’t know. I personally consult the log file.
“paclog” seems to be another more comfortable option but uses the same logfile as a source. As mentioned by WorMzy in the Arch forums.
All good, thanks. I’m still pretty much into /var/log/something, much more than I know about journalctl or others 