If you're running version 5.6.0 or 5.6.1, downgrade immediately.

    • hello_hello [comrade/them]
      ·
      edit-2
      9 months ago

      The only people who will have this vulnerability AFAIK (and have it be actionable with the ssh backdoor) are folks running Debian unstable on a ssh server. The shitty part about this is a rupture in trust for the maintainers at xz.

      Honestly, the attacker picked a really shitty time frame considering their payload isn't in any important point releases where they could have the most effect.