Conversation
Notices
-
Embed this notice
@mischievoustomato
This is exactly what I'm talking about — most seem to only worry about sshd, but in fact so much more could be affected.
Downgrading to liblzma5.4.x isn't panacea — it's just the most obvious quick fix.
And of course it doesn't mean that only systemd-systems are affected, some lzma shit is in the kernel even — we don't know what could get in there when the project was basically taken over by hostile actors.
We have to wait for the results of proper source audit to feel safe again.