Active AUR malicious packages incident (archlinux.org)

Source: https://archlinux.org/news/active-aur-malicious-packages-incident/
2026-06-12 - Campbell Jones

We are currently experiencing a high volume of malicious package adoptions and updates in the Arch User Repository.
We are actively working to track down existing malicious commits and attempting to prevent additional malicious commits from being pushed.
While this is happening, and while we work to create a more permanent solution, users may see issues with the following:

- Creating new accounts on the AUR
- Pushing package updates
- Adopting or creating new packages

We continue to encourage all users of AUR packages to review all PKGBUILD and install script changes when updating, especially during this time.
If you notice suspicious commits to a package that you use, please reach out to Arch staff via the aur-general mailing list with more information.
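
One way to carry out the review recommended above before merging an AUR update, as an added example that is not part of the Arch announcement. It assumes the package is a local git clone of its AUR repository with an upstream branch configured; the function names `aur_review` and `aur_new_committers` are hypothetical.

```shell
#!/bin/sh
# Added example (not from archlinux.org): show what an AUR update would change
# before it is merged or built. Assumes a git clone with an upstream branch set.

# Committer e-mails in the incoming commits that never appear in the history
# already checked out. Git identities are self-declared, so an empty result
# proves nothing; a new name (e.g. after an adoption) is a prompt to read closely.
aur_new_committers() {
    known=$(git -C "$1" log --format='%ce' HEAD | sort -u)
    git -C "$1" log --format='%ce' 'HEAD..@{upstream}' | sort -u |
    while read -r who; do
        printf '%s\n' "$known" | grep -qxF -- "$who" || printf '%s\n' "$who"
    done
}

# Fetch without merging, then print everything a reviewer needs.
# Returns 0 when nothing is pending, 1 when changes await review, 2 on error.
aur_review() {
    dir=$1
    git -C "$dir" fetch --quiet || return 2
    files=$(git -C "$dir" diff --name-only HEAD '@{upstream}') || return 2
    if [ -z "$files" ]; then
        echo "no pending changes"
        return 0
    fi
    echo "== incoming commits =="
    git -C "$dir" --no-pager log --date=short \
        --format='%h %ad %an <%ae> %s' 'HEAD..@{upstream}'
    echo "== committers not seen before in this package =="
    aur_new_committers "$dir"
    echo "== changed files =="
    printf '%s\n' "$files"
    echo "== full diff (PKGBUILD, install scripts, patches) =="
    git -C "$dir" --no-pager diff HEAD '@{upstream}'
    echo "After reading the diff: git -C $dir merge --ff-only '@{upstream}'"
    return 1
}
```

Because the function only fetches, the working tree still holds the last reviewed PKGBUILD until the fast-forward merge is run by hand.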
