https://www.theverge.com/2024/4/2/24119342/xz-utils-linux-backdoor-attempt
From what I have read so far, this extremely bad vulnerability is only found in the the unstable versions of most Linux Distros and not present in the stable versions.
The Ars Technica website has more info
https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/
Thanks for letting us know, Bill. The Ars Technica article also mentioned that Arch Linux stable was affected but that Arch isn't used in production systems. Our resident cod3poet might have words.
AT also notes the backdoor affects SSH specifically. If you're not sure if you're using it, you're likely not. It's a command-line tool for accessing Linux boxes. It sounds like someone caught it before it spread very far. Good for them but scary that it could have gone unnoticed if not for that volunteer.