Comment by akerl_
1 year ago
Sure, but only if you’d installed the affected AUR packages. Even if they were old packages, probably your SteamOS didn’t install them from the AUR.
1 year ago
Sure, but only if you’d installed the affected AUR packages. Even if they were old packages, probably your SteamOS didn’t install them from the AUR.
Whether or not SteamOS installed them is irrelevant. All the hacker would need is to compromise a machine that had some sort of remote access to other devices (ssh in this case, with some sort of keylogger to decrypt the private key).
You are not compromised unless you specifically installed one of these 3 packages on one of your machines:
- librewolf-fix-bin
- firefox-patch-bin
- zen-browser-patched-bin
The packages were only available for download for 3 days, and the only way you could have installed them is if you explicitly typed one of the package names into your terminal within those 3 days.
Did you do that? If no, then you are not compromised.
I wonder if this is really about compromised packages or rather in wider view trying to paint Arch, AUR as insecure.