---
title: "💭 Arch Linux - News: The xz package has been backdoored"
description: "!https://archlinux.org/news/the-xz-package-has-been-backdoored/"
date: 2024-04-16
published: true
tags:
  - linux
  - arch
  - thought
template: link
---


<div class="embed-card embed-card-external">
  <a href="https://archlinux.org/news/the-xz-package-has-been-backdoored/" class="embed-card-link" target="_blank" rel="noopener noreferrer">
    <div class="embed-card-content">
      <div class="embed-card-title">Arch Linux - News: The xz package has been backdoored</div>
      <div class="embed-card-meta">archlinux.org</div>
    </div>
  </a>
</div>


Check your system to see if you are vulnerable to the xz backdoor.

I found this line most pertanent to me.

> The xz packages prior to version 5.6.1-2 (specifically 5.6.0-1 and 5.6.1-1) contain this backdoor.

Also it appears that arch is not vulnerable as it does not directly link openssh to liblzma, so the known attack vecotor is not possible.  read to the end of the linked article for more.



!!! note

    This post is a <a href="/thoughts/" class="wikilink" data-title="Thoughts" data-description="These are generally my thoughts on a web page or some sort of url, except a rare few don&#39;t have a link. These are dual published off of my..." data-date="2024-04-01">thought</a>. It's a short note that I make
    about someone else's content online <a href="/tags/thoughts/" class="hashtag-tag" data-tag="thoughts" data-count=2 data-reading-time=3 data-reading-time-text="3 minutes">#thoughts</a>