Jarli01 / xenorchestra_installer

A simple install script for Xen Orchestra
GNU General Public License v3.0

Question NPM Hacked, XO Affected? #102

Closed Trufax closed 2 years ago

Trufax commented 2 years ago

Hi,

Sorry for asking this dumb question, but there was a recent hack of two very popular NPM packages: https://thehackernews.com/2021/11/two-npm-packages-with-22-million-weekly.html

Is XenOrchestra using these in any way, and might it be affected?

Regards

Trufax commented 2 years ago

I'll check directly with the XO repository; I think this makes more sense.

Danp2 commented 2 years ago

This is really something that you should ask the XO developers, either on their GH repo or the support forum.

FWIW, I checked my existing installation and found the following --

x@ubuntuxo:~$ apt-cache madison coa
N: Unable to locate package coa
x@ubuntuxo:~$ apt-cache madison rc
        rc | 1.7.4+97.gceb59bb-2 | http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages
        rc | 1.7.4+97.gceb59bb-2 | http://archive.ubuntu.com/ubuntu focal/universe Sources

I don't see where this installation script installs rc, so it was either pulled in by XO or was part of the default Ubuntu install.
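
An added example, not part of the thread or of the installer: `apt-cache madison` queries the APT package index, whereas the npm dependencies of a Node application are unpacked under `node_modules`. The sketch below lists every installed copy of the named packages under an application tree and marks those whose version appears in an advisory list. The function names, the advisory file format (`name version` per line) and the path in the usage comment are assumptions; the versions to list must be taken from the advisory itself.

```shell
#!/bin/sh
# Added example (not from the thread): locate installed npm packages by name
# and compare their versions with an advisory list supplied by the operator.

# find_npm_pkg ROOT NAME...
# Prints "name version path" for every copy, including nested node_modules.
find_npm_pkg() {
    root=$1; shift
    for name in "$@"; do
        find "$root" -type f -path "*/node_modules/$name/package.json" 2>/dev/null |
        while IFS= read -r manifest; do
            # Assumes the manifest has one field per line, as npm/yarn write it.
            version=$(sed -n 's/^[[:space:]]*"version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$manifest" | head -n 1)
            printf '%s %s %s\n' "$name" "${version:-unknown}" "${manifest%/package.json}"
        done
    done
}

# check_npm_pkg ROOT ADVISORY_FILE
# ADVISORY_FILE holds one "name version" pair per line (single space, '#' comments).
# Prints "AFFECTED name version path" or "ok name version path" per installed copy.
check_npm_pkg() {
    root=$1
    advisory=$2
    # Unique package names mentioned in the advisory file.
    names=$(awk 'NF >= 2 && $1 !~ /^#/ {print $1}' "$advisory" | sort -u)
    # $names is intentionally unquoted so each name becomes one argument.
    find_npm_pkg "$root" $names | while read -r name version path; do
        if grep -qxF "$name $version" "$advisory"; then
            printf 'AFFECTED %s %s %s\n' "$name" "$version" "$path"
        else
            printf 'ok %s %s %s\n' "$name" "$version" "$path"
        fi
    done
}

# Usage (placeholder path, replace with the real install directory):
#   check_npm_pkg /path/to/xen-orchestra advisory.txt
```

A package that produces no output line at all is not present anywhere under the tree that was scanned.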