Hopefully this does not affect you but if you are running something like Arch, OpenSUSE tumbleweed, Debian sid or Fedora Rawhide and use SSH for remote access you should do a full wipe.
HN comments have some more in-depth information about this https://news.ycombinator.com/item?id=39865810
Wow, thank you for sharing this! Grumblegrumble have to reinstall my system…
This straight on the back of a thread about flatpak verification and security - a reminder that a lot of the incredible work of a distribution, especially Debian, is a community of people curating packages with care, and not just for how quick they can be made to work together.
Also a highlight for the work toward fully replicatable systems - if I understand right, the exploit here was snuck in in the binary, not in the source code.
