@[email protected] to [email protected]English • 7 months agoWhat we know about the xz Utils backdoor that almost infected the worldarstechnica.comexternal-linkmessage-square32fedilinkarrow-up11arrow-down10cross-posted to: programmingtechnologyhackernews
arrow-up11arrow-down1external-linkWhat we know about the xz Utils backdoor that almost infected the worldarstechnica.com@[email protected] to [email protected]English • 7 months agomessage-square32fedilinkcross-posted to: programmingtechnologyhackernews
minus-square@[email protected]linkfedilink0•7 months agoSo if I don’t use SSH am I fine? Because my distro doesn’t let me remove the package. Other packages depend on it.
minus-square@[email protected]linkfedilinkEnglish0•7 months agoUnless you’re running Debian testing you’re safe. If ssh isn’t open to the internet you’re safe. Just make sure everything is up-to-date.
minus-square@[email protected]linkfedilinkEnglish0•7 months agoDebian testing has ‘updated’ to 5.6.1+really5.4.5-1 anyway, so as long as you’ve updated within the past few days it will have been downgraded to 5.4.5.
So if I don’t use SSH am I fine? Because my distro doesn’t let me remove the package. Other packages depend on it.
You can’t remove it but you can downgrade.
Unless you’re running Debian testing you’re safe. If ssh isn’t open to the internet you’re safe. Just make sure everything is up-to-date.
Debian testing has ‘updated’ to
5.6.1+really5.4.5-1anyway, so as long as you’ve updated within the past few days it will have been downgraded to 5.4.5.