Tumbleweed Users Face Urgent 2000+ Package Updates
There has been much activity in the Linux community recently since it was discovered that some XZ tarballs had malicious code hidden in them. As a result, Debian devs have decided to delay the launch of the 12.6 release until they can fully understand how widespread the issue is and how much damage the bad code might have done.
Currently, is no straightforward way to determine if a system has been compromised due to this vulnerability. Vegard Nossum wrote a script, “detect_sh.bin,” to detect if it’s likely that the ssh binary on a system is vulnerable. The script can be found here (at the end of the publication). However, its use is more for informational purposes.