XZ Utils - anything we need to do?

alvaromunoz
alvaromunoz
Community Member

It seems I was affected at one point by the XZ Utils malware vulnerability (running Fedora 40, dnf history shows I had a possibly vulnerable version installed at some point).

Should I change/refresh the ssh keys in 1password?


1Password Version: 8.10.28
Extension Version: 2.21.0
OS Version: Fedora 40 Beta
Browser: Firefox

Comments

  • Hello @alvaromunoz! 👋

    Upon announcement of the issue, our team quickly began an investigation and determined that none of our infrastructure uses the vulnerable versions. There is no action needed from the 1Password end of things.

    Regarding the impact of the vulnerability in your operating system of choice, I would recommend reaching out to your operating system's support team for more details on the scope of the impact to users and guidance on how to determine if your device was compromised.

    -Dave