• Disonantezko@lemmy.sdf.org
    link
    fedilink
    arrow-up
    25
    ·
    8 months ago

    Do you know the exploit was detected in Debian Sid? (by a PostgreSQL developer), Arch got the update (with both compromised versions), but because don’t directly link openssh to liblzma (as Debian), and thus this attack vector is not possible.

    Also, other rolling distros also got the compromised versions, maybe: openSUSE Tumbleweed, Endeavour OS, Fedora Rawhide, Slackware -current, etc.