Allegedly, alpine linux is not vulnerable to the XZ exploits introduced in maintream XZ.
But I wouldn't put my money on it, the guy who introduced the exploit has been developing XZ for 2 years
To counter this, Sigma Linux should upgrade the XZ packages (maybe remove?), and also use something else for compressing modules and firmware, like ZSTD (which has compression ratios close to XZ, but should be much faster for decompression, and no crazy security issues like this).
Allegedly, alpine linux is not vulnerable to the XZ exploits introduced in maintream XZ. But I wouldn't put my money on it, the guy who introduced the exploit has been developing XZ for 2 years To counter this, Sigma Linux should upgrade the XZ packages (maybe remove?), and also use something else for compressing modules and firmware, like ZSTD (which has compression ratios close to XZ, but should be much faster for decompression, and no crazy security issues like this).