Per the below article, I had the affected xz version, 5.6.1-2 on Endeavour so I downgraded to 5.4.6-1
I don't know if I needed to but I also downgraded lib32-xz to 5.4.6-1 from 5.6.1-1
Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.
Regarding Red Hat warns of backdoor in XZ tools used by most Linux distros
Started by
JohnC_21
, Mar 29 2024 04:26 PM
2 replies to this topic
#1
JohnC_21
-
- Members
- 35,027 posts
- OFFLINE
- Gender:Male
- Local time:06:55 AM
Back to top
#2
cryptodan
-
- Members
- 35,304 posts
- OFFLINE
Bleepin Madman
- Gender:Male
- Location:USA
- Local time:10:55 AM
Posted 29 March 2024 - 04:44 PM
I'll have to do that on my arch systems
US Navy Veteran from 2002 to 2006
Masters in Computer and Digital Forensics Expert - Stevenson University Alumni 2015
Arch Desktop - https://termbin.com/epij
Arch Laptop - https://www.termbin.com/dnwk
Ubuntu Server - https://termbin.com/zvra
#3
JohnC_21
- Topic Starter
-
- Members
- 35,027 posts
- OFFLINE
- Gender:Male
- Local time:06:55 AM
Posted 29 March 2024 - 06:17 PM
Well, I just found out that xz 5.6.1-2 is not affected. 
Summary ======= The package xz before version 5.6.1-2 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 5.6.1-2.
https://security.archlinux.org/ASA-202403-1
Also, I upgraded my mirrors and also updated to lib32-xz 5.6.1-2
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
