Red Hat seems to be confused about which versions of Fedora are affected. The URL says "fedora-41" and matches the HN title, but the actual blog page has been changed to read "Fedora Linux 40" in the headline. The blog page HTML title still says "Fedora 41".
Edit: The Red Hat blog currently says "At this time the Fedora Linux 40 builds have not been shown to be compromised." and "Fedora Linux 40 users may have received version 5.6.0, depending on the timing of system updates." which seems to be a contradiction. Any build of xz 5.6.0 or 5.6.1 should be considered compromised.
