canpolat@programming.dev to Programming@programming.devEnglish · 9 months agoWhat we know about the xz Utils backdoor that almost infected the worldarstechnica.comexternal-linkmessage-square35fedilinkarrow-up1221arrow-down14cross-posted to: hackernews@lemmy.smeargle.fanssecurity@programming.devintegritet@aggregatet.org
arrow-up1217arrow-down1external-linkWhat we know about the xz Utils backdoor that almost infected the worldarstechnica.comcanpolat@programming.dev to Programming@programming.devEnglish · 9 months agomessage-square35fedilinkcross-posted to: hackernews@lemmy.smeargle.fanssecurity@programming.devintegritet@aggregatet.org
minus-squareCossty@lemmy.worldlinkfedilinkarrow-up3·9 months agoSo if I don’t use SSH am I fine? Because my distro doesn’t let me remove the package. Other packages depend on it.
minus-squareFlipper@feddit.delinkfedilinkEnglisharrow-up7·9 months agoUnless you’re running Debian testing you’re safe. If ssh isn’t open to the internet you’re safe. Just make sure everything is up-to-date.
minus-squareSteveTech@programming.devlinkfedilinkEnglisharrow-up8·9 months agoDebian testing has ‘updated’ to 5.6.1+really5.4.5-1 anyway, so as long as you’ve updated within the past few days it will have been downgraded to 5.4.5.
minus-squarelambchop@lemmy.worldlinkfedilinkarrow-up2·9 months agoYou can’t remove it but you can downgrade.
So if I don’t use SSH am I fine? Because my distro doesn’t let me remove the package. Other packages depend on it.
Unless you’re running Debian testing you’re safe. If ssh isn’t open to the internet you’re safe. Just make sure everything is up-to-date.
Debian testing has ‘updated’ to
5.6.1+really5.4.5-1
anyway, so as long as you’ve updated within the past few days it will have been downgraded to 5.4.5.You can’t remove it but you can downgrade.