Arch Linux Disables New AUR Registrations Amidst Malware Campaign
Arch Linux has disabled new account registrations on the Arch User Repository (AUR) as it works to contain a malware campaign that swept through the community package repository last week. The AUR is where Arch users look for software that has not yet made it into the official repositories. It is community-run and unsupported, meaning packages are user-submitted with no safety guarantee from the Arch team. Over 1,500 packages were hit in the first wave alone, and two more
Arch Linux has temporarily suspended new user registrations for its Arch User Repository (AUR) to address a widespread malware campaign. The AUR, a community-driven repository for user-submitted software, was compromised by malicious actors who injected malware into numerous packages. Developers have been working to contain the threat, which has seen multiple waves of infection affecting over 1,500 packages. The malware was reportedly embedded in post-install scripts and utilized obfuscation techniques to evade detection. Arch Linux emphasizes that its core repositories remain unaffected. Users are advised to exercise caution and review package build scripts before updates. The suspension aims to allow developers to thoroughly clean the repository and implement enhanced security measures.
The suspension of new AUR registrations by Arch Linux is a critical security measure to combat a significant malware outbreak affecting user-submitted software packages.