I’ve always been terrified of Arch and never knew why.
So by now everyone knows that malicious code designed to break ssh has gotten into some bleeding-edge distros and unstable repositories but didn’t get into any of the Debian stable or Fedora stable templates on Qubes.
Did it impact Arch and if this is confined to an Arch template could it have affected any other part of Qubes? It shouldn’t? Did this get into kali-core template?
For non-experts who use Qubes because it’s cool and exciting, but aren’t that knowledgeable, does it make sense to delete kali-core templates and things based on that until more of this is looked at by experts?
sshd is the ssh server, so, at the moment, we only think that systems running sshd with the compromised xz version were affected.
It’s safe to think that any system that has been running the xz version is compromised until we know more. On Qubes OS, you could stop using kali based qubes until this get sorted out. Changing the template of an kali AppVM may not be enough if some payload has been added to the user directory, I think it’s paranoid to think it happened but we still don’t really know consequences.
It’s a very complicated exploit, security researchers are trying to figure the scope, IT professionals like me don’t have much more information at the moment
I don’t think I tried to use kali-core with anything other than one VM and mainly because there’s very little pre-installed in kali-core.
From what I understand of qubes, if I delete kali-core and the VM, I do not need to reinstall a sys-whonix VM or reinstall a whonix template? The isolation protects me?
what about arch? i installed that before i figured out how to just get nvidia drivers installed in debian
i thought it did get into arch. are you sure it’s okay? you’re probably right? i read somewhere it got in.
also how do i check my debian repositories inside the template i created for installing the nvidia drivers? i don’t think i added sid but i was trying to get newer drivers so anything is possible