chris,
@chris@mstdn.games avatar

How to quickly check if your system may be affected by the recent XZ utils supply chain backdoor. Open your terminal, enter:

xz --version

bad: versions 5.6.0 or 5.6.1
ok: 5.4.6.

The malicious code could affect sshd authentification (CVE-2024-3094). Updates and downgrades for SuSE, Fedora, Kali and other distros are available.

Pop!_OS or Debian stable versions are not affected but it never hurts to double-check.

scy,
@scy@chaos.social avatar

@chris Note that by doing this, you're actually running xz, a binary which the attacker has had under their control for years, and which may include more malware than we currently know about.

It has not yet been analyzed fully. Versions older than 5.6 might have been manipulated, too. We don't know yet.

This is bad advice.

The correct way to check would be to ask your package manager which version is installed.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • linux
  • ngwrru68w68
  • rosin
  • GTA5RPClips
  • osvaldo12
  • love
  • Youngstown
  • slotface
  • khanakhh
  • everett
  • kavyap
  • mdbf
  • DreamBathrooms
  • thenastyranch
  • magazineikmin
  • megavids
  • InstantRegret
  • normalnudes
  • tacticalgear
  • cubers
  • ethstaker
  • modclub
  • cisconetworking
  • Durango
  • anitta
  • Leos
  • tester
  • provamag3
  • JUstTest
  • All magazines
    •