cm0002@europe.pub to Arch Linux@programming.devEnglish · 24 days agoArch Linux Now Believes Malware Incident Under Control: More Than 1,500 Affected Packageswww.phoronix.comexternal-linkmessage-square10linkfedilinkarrow-up141arrow-down10cross-posted to: linux@programming.dev
arrow-up141arrow-down1external-linkArch Linux Now Believes Malware Incident Under Control: More Than 1,500 Affected Packageswww.phoronix.comcm0002@europe.pub to Arch Linux@programming.devEnglish · 24 days agomessage-square10linkfedilinkcross-posted to: linux@programming.dev
minus-squareInfernal_pizza@lemmy.dbzer0.comlinkfedilinkEnglisharrow-up2·24 days agoIs this newly submitted packages which are malware, or existing packages which had malware introduced to them? And is there a list of affected packages anywhere?
minus-squarediverging@piefed.sociallinkfedilinkEnglisharrow-up8·24 days agoIt looks like they were existing packages. List here: https://cscs.pastes.sh/raw/aurvulnlist20260611.txt Got that from: https://discuss.cachyos.org/t/aur-compromised-1500-packages-affected-20260611/31040 They have a script that can check if you have any of them.
minus-squareInfernal_pizza@lemmy.dbzer0.comlinkfedilinkEnglisharrow-up4·24 days agoThanks, looks like I’m ok
minus-squarefistac0rpse@fedia.iolinkfedilinkarrow-up4·23 days agoThey’re existing packages that were abandoned by the original authors and then had ownership claimed by malicious parties
Is this newly submitted packages which are malware, or existing packages which had malware introduced to them? And is there a list of affected packages anywhere?
It looks like they were existing packages.
List here: https://cscs.pastes.sh/raw/aurvulnlist20260611.txt
Got that from: https://discuss.cachyos.org/t/aur-compromised-1500-packages-affected-20260611/31040
They have a script that can check if you have any of them.
Thanks, looks like I’m ok
They’re existing packages that were abandoned by the original authors and then had ownership claimed by malicious parties