Linux users should update their systems.

https://archlinux.org/news/the-xz-package-has-been-backdoored/

https://www.theregister.com/2024/03/29/malicious_backdoor_xz/

fun fact: the name of the guy that did it is an anagram of “cia agent john”

Worth mentioning that Arch Linux's sshd is not affected by this xz compromise:

> Arch does not directly link openssh to liblzma, and thus this attack vector is not possible.

Actually might be better not to update unless you have the bad versions of xz?

Check 

xz --version

5.6 and 5.6.1 are the compromised ones

Hmmm nothing new for me from apt upgrade on Ubuntu 20.04 yet