Recent news
New official 2024 installation media
The latest weekly ISOs have been promoted to official installation media.
Notable changes: LXQt and LXDE were dropped from the community editions; XFCE was made default DE in community-gtk.
Please report anything out of the ordinary to the related forum announcement thread.
Packages archive #2
A backup package archive (located in the US) has just gone online, to address connectivity issues reported by some of our users.
The xz package has been backdoored
TL;DR: Upgrade your systems NOW!
Following the related OpenWall post:
The upstream tarballs of xz 5.6.0 and 5.6.1 contain a backdoor which uses liblzma as a means to compromise SSH servers.
Preliminary analysis from the aforementioned post shows that the backdoor is designed to exploit openssh when linked against libsystemd (which depends on lzma) to compromise the SSH services. Artix and Arch don't link openssh to liblzma and thus this attack vector is not possible.
Based on the same analysis, the execution of openssh under systemd is a prerequisite for the backdoor to activate and given the additional distance of Artix to systemd (aren't we glad?), the exploit shouldn't affect any running Artix system.
However, it is strongly advised that all Artix users and administrators out there immediately upgrade their systems and container images (or at least xz to version 5.6.1-2) and restart openssh. Versions of xz up to and including 5.4.1-1 are not affected.
Server is back online
The server is back online, all systems nominal.
Server malfunction
Due to a server malfunction, multiple Artix services are unavailable. Among them:
- Gitea
- Archive
- Galaxy repository