canpolatWhat we know about the xz Utils backdoor that almost infected the world
CosstySo if I don’t use SSH am I fine? Because my distro doesn’t let me remove the package. Other packages depend on it.
Unless you’re running Debian testing you’re safe. If ssh isn’t open to the internet you’re safe. Just make sure everything is up-to-date.
Debian testing has ‘updated’ to
5.6.1+really5.4.5-1 anyway, so as long as you’ve updated within the past few days it will have been downgraded to 5.4.5.
You can’t remove it but you can downgrade.