Skip to content

Commit 73078fe

Browse files
committed
docs: add aur update
2 parents 294e8e4 + d8c384f commit 73078fe

1 file changed

Lines changed: 16 additions & 0 deletions

File tree

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,16 @@
1+
+++
2+
title = "Update on the recent AUR attacks"
3+
date = 2026-06-14
4+
categories = ['Security Announcements']
5+
tags = ['apollo', 'security']
6+
+++
7+
8+
Hi all,
9+
10+
Our upstream package source, Arch Linux, has recently been hit with a wave of malware attacks in it's user-submitted Arch User Repository. Apollo does not use packages from the AUR at this time and as such is not affected by the recent wave of AUR attacks. I'm monitoring the situation closely, in the mean time users should continue to take care to make sure they are using software from trusted sources.
11+
12+
**Users using the official Apollo images are not knowingly affected by the recent wave of malware.** Containers running Arch, such as those made with `distrobox` should be audited in order to make sure they are unaffected. We recommend deleting and rebuilding the container in the event that affected packages are found.
13+
14+
Custom image maintainers should make sure that any AUR packages in use, if applicable, are not affected and take appropriate actions, including removing affected packages and rebuilding images as appropriate. Arch upstream continues to recommend you manually vet PKGBUILD files before proceeding to install them. Updates on affected packages can be found on [Arch's mailing list](https://lists.archlinux.org/archives/list/aur-general@lists.archlinux.org/thread/FGXPCB3ZVCJIV7FX323SBAX2JHYB7ZS4/#NHRO2RT3VRXHQ7O4WQCPTNGNIOQQQAWX)
15+
16+
We take security seriously and encourage users to report any issues to maintainers.

0 commit comments

Comments
 (0)