A Microsoft engineer noticed something was off on a piece of software he worked on. He soon discovered someone was probably trying to gain access to computers all over the world.
Do you know the exploit was detected in Debian Sid (by a PostgreSQL developer)? Arch got the update (with both compromised versions), but because it doesn’t directly link openssh to liblzma (as Debian does), this attack vector is not possible.
Also, other rolling distros also got the compromised versions, maybe: openSUSE Tumbleweed, Endeavour OS, Fedora Rawhide, Slackware -current, etc.
There was some checking in the exploit to verify that it was being built for a deb or rpm package; it didn’t build for anything else. Also, the way the exploit was loaded at runtime relied on features of systemd that Arch isn’t using. It was a dud on Arch.
You’re late to the party, NYT.
Also, dude made a good save. Only Arch users got hit lol
The hack mainly targeted Debian and Fedora
Arch doesn’t directly link openssh to liblzma, so the hack doesn’t affect Arch users.
But on Debian it only shipped on sid. This is the reason for Debian’s slow as removed release cycle
Arch didn’t patch it with systemd so it didn’t really affect them afaik. It did hit openSUSE Tumbleweed users.
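A defender's check for the linkage point the comments above debate, as an added example that is not part of the thread: it classifies whether a binary such as sshd loads liblzma directly, only transitively (for instance through libsystemd), or not at all. The function name and the sample `readelf -d` / `ldd` text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report how an ELF binary reaches liblzma.
#   direct     - liblzma is one of the binary's own DT_NEEDED entries
#   transitive - liblzma is only pulled in by another library (e.g. libsystemd)
#   none       - liblzma is not loaded at all

# classify_lzma_linkage <readelf -d text> <ldd text>
classify_lzma_linkage() {
    cl_needed=$1
    cl_resolved=$2
    if printf '%s\n' "$cl_needed" | grep -q '(NEEDED).*\[liblzma\.so'; then
        echo direct
    elif printf '%s\n' "$cl_resolved" | grep -q 'liblzma\.so'; then
        echo transitive
    else
        echo none
    fi
}

# Constructed sample: an sshd built with a distro patch that links libsystemd.
SAMPLE_NEEDED_PATCHED=' 0x0000000000000001 (NEEDED) Shared library: [libsystemd.so.0]
 0x0000000000000001 (NEEDED) Shared library: [libcrypto.so.3]
 0x0000000000000001 (NEEDED) Shared library: [libc.so.6]'
SAMPLE_LDD_PATCHED='	libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x0000000000000000)
	libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x0000000000000000)
	liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x0000000000000000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x0000000000000000)'

# Constructed sample: an sshd built without the libsystemd patch.
SAMPLE_NEEDED_PLAIN=' 0x0000000000000001 (NEEDED) Shared library: [libcrypto.so.3]
 0x0000000000000001 (NEEDED) Shared library: [libc.so.6]'
SAMPLE_LDD_PLAIN='	libcrypto.so.3 => /usr/lib/libcrypto.so.3 (0x0000000000000000)
	libc.so.6 => /usr/lib/libc.so.6 (0x0000000000000000)'

# Live check: pass a binary path as the first argument, e.g. /usr/sbin/sshd.
if [ -n "${1:-}" ] && [ -r "$1" ]; then
    classify_lzma_linkage "$(readelf -d "$1")" "$(ldd "$1")"
fi
```

A result of `transitive` or `direct` only means liblzma is mapped into the process; whether the installed liblzma build is one of the compromised versions is a separate package-version check.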
Fedora 40 testing branch and Rawhide got it as well, as did Tumbleweed and Debian sid
And how many people actually use those? Arch got hit the hardest
Ok that’s a bad joke. The exploit targeted Debian, Ubuntu and RHEL
I was on Fedora Kinoite 40 testing compose when it hit… so me
You were not the target. The idea probably was to get it pushed into downstream over a longer period
I understand that the Linux ecosystem in general was ultimately the target, yes.
I was answering “how many people use those?”
nothing of value was lost