+- Linux Lite Forums (https://www.freecinema2022.gq/forums)
+-- Forum: General (https://www.freecinema2022.gq/forums/forumdisplay.php?fid=4)
+--- Forum: Security & Bug Fixes (https://www.freecinema2022.gq/forums/forumdisplay.php?fid=16)
+--- Thread: libxz backdoors in upstream versions (/showthread.php?tid=9095)
libxz backdoors in upstream versions - trinidad - 04-01-2024
I heard about this last week but now the community has addressed the issue. Nothing I run was affected and Ubuntu and Debian both announced their Stable OS versions were not affected. Interesting article also listing distros affected at the link below.
https://www.helpnetsecurity.com/2024/03/31/xz-backdoored-linux-affected-distros/
The link below is to the guy who discovered the vulnerability. It also provides a vulnerability checking bash script which I ran on all my systems.
https://codenotary.com/blog/backdoor-in-upstream-xz
Just another reason why runnng Ubuntu LTS and/or Debian Stable is your best bet.TC
Re: libxz backdoors in upstream versions - trinidad - 04-01-2024
(04-01-2024, 02:35 PM)trinidad link Wrote: I heard about this last week but now the community has addressed the issue. Nothing I run was affected and Ubuntu and Debian both announced their Stable OS versions were not affected. Interesting article also listing distros affected at the link below.
https://www.helpnetsecurity.com/2024/03/31/xz-backdoored-linux-affected-distros/
The link below is to the guy who discovered the vulnerability. It also provides a vulnerability checking bash script which I ran on all my systems.
https://codenotary.com/blog/backdoor-in-upstream-xz
Just another reason why runnng Ubuntu LTS and/or Debian Stable is your best bet.TC
Re: libxz backdoors in upstream versions - Şerban S. - 04-02-2024
Thanks for the warning!
This is what I got running the script:
Code:
Checking system for CVE-2024-3094 Vulnerability...
https://nvd.nist.gov/vuln/detail/CVE-2024-3094
Checking for function signature in liblzma...
Function signature in liblzma: OK
Checking xz version using dpkg package manager...
xz version 5.2.5-2ubuntu1: OKFor now, it's OK, but trails might go on some time. Probably the best line of work here is to update any package as soon as it gets notified.
Some low-level backup, might also help. Just in case...
Best regards, Șerban.
Re: libxz backdoors in upstream versions - trinidad - 04-08-2024
https://discourse.ubuntu.com/t/noble-numbat-beta-delayed-xz-liblzma-security-update/43827
TC
Re: libxz backdoors in upstream versions - Şerban S. - 04-08-2024
Thanks!
It's good to know people take it seriously.
Best regards!