As far as I know It’s a very specific attack. You need to run a distribution that is rolling release _and_ uses the binary tarball of XZ while having the SSH system notify thing on. Its almost specifically sorts out Debian testing derivatives and Fedora.
For example, Arch has the infected binary but its SSH is not linked to it. NixOS will have the 5.6.1 version but its clean because they’ve built from source instead of using the published binaries.
But if you have something important running on those servers that got touched by those exploits its better to just wipe clean and redeploy those machines.
iru /
npub1nmk…2975
2024-04-06 16:32:22
in reply to nevent1q…msta
Author Public Key
npub1nmk2399jazpsup0vsm6dzxw7gydzm5atedj4yhdkn3yx7jh7tzpq842975Published at
2024-04-06 16:32:22Event JSON
{
"id": "b5f12c512f87add8c2bbe3b1766073b9cfeaedec50d57b4dd18000d4079ca651",
"pubkey": "9eeca894b2e8830e05ec86f4d119de411a2dd3abcb65525db69c486f4afe5882",
"created_at": 1712413942,
"kind": 1,
"tags": [
[
"e",
"d1935e60a4513c4759ce2652d0d62768bccc6c3ac020d3c842d71be08fb73bd2"
],
[
"e",
"0db8ac76b8282af1da2df01cf6ed93f28024646ac1facb797d7c4ae653f86c30"
],
[
"p",
"04c915daefee38317fa734444acee390a8269fe5810b2241e5e6dd343dfbecc9"
],
[
"p",
"fecd317a543c0a625511af26d2ef793c1be1e0c75689453d594475b0aed46e1b"
]
],
"content": "As far as I know It’s a very specific attack. You need to run a distribution that is rolling release _and_ uses the binary tarball of XZ while having the SSH system notify thing on. Its almost specifically sorts out Debian testing derivatives and Fedora.\n\nFor example, Arch has the infected binary but its SSH is not linked to it. NixOS will have the 5.6.1 version but its clean because they’ve built from source instead of using the published binaries.\n\nBut if you have something important running on those servers that got touched by those exploits its better to just wipe clean and redeploy those machines.",
"sig": "2da660eb5d56623e17043508ac4f40834c97eab63c59389833f0f8e48bd2de8804cd585fc9da2d5455a664f7d08b9e62fa0017f9b98615fe28e0ba8ad4145c93"
}