
Regarding Red Hat warns of backdoor in XZ tools used by most Linux distros



#1 JohnC_21


Posted 29 March 2024 - 04:26 PM

Per the below article, I had the affected xz version, 5.6.1-2, on Endeavour, so I downgraded to 5.4.6-1.

I don't know if I needed to, but I also downgraded lib32-xz to 5.4.6-1 from 5.6.1-1.

 

https://www.bleepingcomputer.com/news/security/red-hat-warns-of-backdoor-in-xz-tools-used-by-most-linux-distros/





#2 cryptodan


Posted 29 March 2024 - 04:44 PM

I'll have to do that on my Arch systems.



#3 JohnC_21


Posted 29 March 2024 - 06:17 PM

Well, I just found out that xz 5.6.1-2 is not affected. :blush:

 

Summary
=======
The package xz before version 5.6.1-2 is vulnerable to arbitrary code execution.

Resolution
==========
Upgrade to 5.6.1-2.

 

https://security.archlinux.org/ASA-202403-1

 

Also, I upgraded my mirrors and also updated to lib32-xz 5.6.1-2.





