this post was submitted on 13 Jun 2026
41 points (100.0% liked)

Arch Linux

289 readers
1 users here now

Discussion community about the Arch Linux distro.

Wiki : https://wiki.archlinux.org/

Site : https://archlinux.org/

Packages : https://archlinux.org/packages/

GitLab : https://gitlab.archlinux.org/archlinux

Downloads : https://archlinux.org/download/

founded 2 years ago
MODERATORS
top 10 comments
sorted by: hot top controversial new old
[–] BCsven@lemmy.ca 36 points 3 weeks ago (2 children)
[–] Maiq@piefed.social 10 points 3 weeks ago (1 children)

Out of 12 installed AUR packages, I had 0 effected.

[–] kamenlady@lemmy.world 6 points 3 weeks ago (1 children)

Maybe they forgot to include the Effects™ Library?

[–] Maiq@piefed.social 2 points 3 weeks ago

Doh! Not gonna change it.

[–] snooggums@piefed.world 6 points 3 weeks ago

Best laugh today!

[–] fistac0rpse@fedia.io 8 points 3 weeks ago

radarr, sonarr and jellyfin client are all safe, phew

[–] Infernal_pizza@lemmy.dbzer0.com 2 points 3 weeks ago (2 children)

Is this newly submitted packages which are malware, or existing packages which had malware introduced to them? And is there a list of affected packages anywhere?

[–] diverging@piefed.social 8 points 3 weeks ago (1 children)

It looks like they were existing packages.

List here: https://cscs.pastes.sh/raw/aurvulnlist20260611.txt

Got that from: https://discuss.cachyos.org/t/aur-compromised-1500-packages-affected-20260611/31040
They have a script that can check if you have any of them.

[–] Infernal_pizza@lemmy.dbzer0.com 4 points 3 weeks ago

Thanks, looks like I'm ok

[–] fistac0rpse@fedia.io 4 points 3 weeks ago

They're existing packages that were abandoned by the original authors and then had ownership claimed by malicious parties