05-14-2024, 01:41 PM
Arch Linux is not vulnerable to the xz backdoor. It affects sshd only, and sshd in Arch Linux is not (transitively) linked to xz. Also, the backdoor was only compiled to begin with during builds of RPM or dpkg packages. And Arch Linux has also issued an update replacing the infected 5.6.1 release tarball with the 5.6.1 git tag which does not include the backdoor. (Well, it includes the payload, but not the build system snippet to compile it.) So Arch Linux is perfectly safe.