Security gap in SSH

A security vulnerability is said to exist in the software tool “XZ Utils”.
The security warning relates specifically to versions 5.6.0 and 5.6.1 of the tools. The Bonn authority (BSI) classified the IT threat situation as “business-critical” and warned of a “massive impairment of regular operations”.

Does this also apply to EOS?

Read this thread:

TLDR: It depends.


AFAIK, Arch (and so EndeavourOS) was not affected because sshd is not patched and thus does not contain liblzma, as ldd /usr/sbin/sshd shows.
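The check described in the reply above, combined with the two version numbers from the warning, as an added example that is not part of any post in this thread. The function names and the sample `xz --version` and `ldd` outputs are constructed for illustration; run the script with `--live` to read the local system instead.

```shell
#!/bin/sh
# Added example (not from the thread). Sample inputs below are constructed.

# Pull the version number out of the first line of `xz --version` output.
xz_version_from_output() {
    printf '%s\n' "$1" | sed -n '1s/^xz (XZ Utils) \([0-9][0-9.]*\).*/\1/p'
}

# Succeed only for the two versions named in the warning.
xz_version_flagged() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed if the given ldd output lists liblzma as a dependency.
links_liblzma() {
    printf '%s\n' "$1" | grep -q 'liblzma\.so'
}

# $1 = output of `xz --version`, $2 = output of `ldd` on the sshd binary.
assess() {
    ver=$(xz_version_from_output "$1")
    if [ -z "$ver" ]; then
        echo "xz version not recognised"
    elif ! xz_version_flagged "$ver"; then
        echo "xz $ver: not a flagged version"
    elif links_liblzma "$2"; then
        echo "xz $ver: flagged version, sshd links liblzma"
    else
        echo "xz $ver: flagged version, sshd does not link liblzma"
    fi
}

SAMPLE_XZ='xz (XZ Utils) 5.6.1
liblzma 5.6.1'
SAMPLE_LDD_PLAIN='    libcrypto.so.3 => /usr/lib/libcrypto.so.3 (0x0000)
    libc.so.6 => /usr/lib/libc.so.6 (0x0000)'
SAMPLE_LDD_LZMA='    libsystemd.so.0 => /usr/lib/libsystemd.so.0 (0x0000)
    liblzma.so.5 => /usr/lib/liblzma.so.5 (0x0000)'

if [ "${1:-}" = "--live" ]; then
    assess "$(xz --version)" "$(ldd /usr/sbin/sshd)"
else
    assess "$SAMPLE_XZ" "$SAMPLE_LDD_PLAIN"
    assess "$SAMPLE_XZ" "$SAMPLE_LDD_LZMA"
fi
```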


Thank you very much for your answers.
I usually only read in the German forum, that’s why I missed it.

djeli

I missed it as well originally, this Discord forum software is kinda… intransparent, compared to an old-style bulletin board. It has its HUGE advantages, though, so I take that negative effect of intransparency (which negativity ofc is highly subjective, 100% me) any time.

discourse :nerd_face:

Hmm, should I start posting news in German too? Would be possible, but would need some help in cases where I am very busy with developing …

We should not start to double-discuss the xz issue here; we have a huge thread already about it with all the info…

http://forum.endeavouros.com/t/the-upstream-xz-repository-and-the-xz-tarballs-have-been-backdoored

closing