Urgent: serious backdoor impacts major linux distros Fedora, Kali, openSUSE, Debian
DegenRocket has summarized the info & given you a simple command to check if your Linux machine is vulnerable:
deleted by creator
+1, stable Debian FTW!
This particular backdoor as far as anyone knows only affects Debian and derivatives and fedora. Arch ftw.
yeah bro arch ftw… but you better update your rolling thing asap
Actually, I had read that Arch is affected, and current advice was to update
https://archlinux.org/news/the-xz-package-has-been-backdoored/
You’ll probably want to move up to 5.6.1-2 out of an abundance of caution, as recommended here https://security.archlinux.org/CVE-2024-3094
so you should check if you’re running xz version 5.6.0 or 5.6.1
xz -V
I read somewhere that you should avoid starting xz if you don’t have to and therefore should use, for example,
apt-show-versions xz
(Though this has been two days ago and might not be relevant anymore, am not a dev).