• loops@beehaw.org
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    1
    ·
    8 months ago

    Running Ubuntu 23.10 with xz-utils 5.41 which is unaffected. Versions 5.6.0 and 5.6.1 are the malicious packages. I used Synaptic Package Manager to search for it.

    • Bitrot@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      8
      ·
      8 months ago

      The bad actor had a launchpad bug to pull it into the Ubuntu LTS beta. Serious kudos to the person who discovered it, literally in the nick of time.

    • lengau
      link
      fedilink
      arrow-up
      3
      ·
      8 months ago

      On Ubuntu the only affected people were those running the prerelease of Ubuntu 24.04 who had installed the update from the proposed pocket.