My Mastodon feed is full of IT security specialists talking about the xz affair where someone let a backdoor in some library.

But besides showing the two sides of Free/Libre software (anybody can add a backdoor, and anybody can spot it), I have no idea how it impacts the average person. Is it a common library or something used only by specific applications? Would my home-grade router protect me?

  • Glitchington
    108 months ago

    From the archlinux.org news post on the issue.

    Arch does not directly link openssh to liblzma, and thus this attack vector is not possible.

    • @[email protected]
      28 months ago

      Oh, 100%. I was just talking in general about upstream bleeding-edge distros being vulnerable to this kind of upstream attack, not specific to xz.