Update all of your Linux systems NOW.

  • imikoy [she/her, comrade/them]@hexbear.netOP
    link
    fedilink
    English
    arrow-up
    20
    ·
    8 months ago

    Taking a stroll through the comments,

    So, it turns out that someone who gained great amounts of trust has put malicious code into a widespread package. Sucks hard. It’s understandable to also look at those who worked with them on the same things…

    He seems to be participating to Loongsong Chinese architecture

    Oh no. Oh no no no, the xi-god-emperor is here too! Quickly, be weird about people from China!

    Wow it’s crazy how many different core areas of Linux code is beeing changed to cope with Loongsong LoongArch.

    “cope” lmao, also wow adding a completely new architecture requires a lot of work in a lot of areas, how crazy!

    Later they were explained that their concern isn’t justified (the people mentioned have turned out to be real and working on the arch support without NDAs or stuff), including people from China taking note of this tendency:

    Yeah, China! China! When something involves a random Chinese, it always unfolds with accusation out of thin air.

  • Zvyozdochka [she/her, pup/pup's]@hexbear.net
    link
    fedilink
    English
    arrow-up
    4
    ·
    8 months ago

    If you’re not on a Debian or Red Hat based distribution, you’re most likely fine because of some precondition checks in the malicious build script:

    if test -f "$srcdir/debian/rules" || test "x$RPM_ARCH" = "xx86_64"; then

    I’d still recommend you update either way, Arch Linux and Gentoo patched/masked their packages as well even though they were essentially unaffected for various reasons. The original maintainer also made an acknowledgement on the project’s official website with some additional information as well.