A Microsoft engineer noticed something was off on a piece of software he worked on. He soon discovered someone was probably trying to gain access to computers all over the world.
Do you know the exploit was detected in Debian Sid? (by a PostgreSQL developer), Arch got the update (with both compromised versions), but because don’t directly link openssh to liblzma (as Debian), and thus this attack vector is not possible.
Also, other rolling distros also got the compromised versions, maybe: openSUSE Tumbleweed, Endeavour OS, Fedora Rawhide, Slackware -current, etc.
Do you know the exploit was detected in Debian Sid? (by a
PostgreSQLdeveloper), Arch got the update (with both compromised versions), but because don’t directly linkopensshtoliblzma(as Debian), and thus this attack vector is not possible.Also, other rolling distros also got the compromised versions, maybe: openSUSE Tumbleweed, Endeavour OS, Fedora Rawhide, Slackware -current, etc.