libxz backdoors in upstream versions


Re: libxz backdoors in upstream versions
« Reply #5 on: April 08, 2024, 09:15:31 AM »
 

Şerban S.

Thanks!
It's good to know people take it seriously.
Best regards!
"It's easy to die for an idea. It's way harder TO LIVE for your idea!"
Current Machine:
 Dell Precision T1700, 16 GB RAM, SSD Kingston A400, 480 GB.
Laptop:
 ASUS X200MA , Intel® Celeron® N2830, 2 GB RAM, SSD Kingston A400, 480 GB.
 

Re: libxz backdoors in upstream versions
« Reply #4 on: April 08, 2024, 09:05:00 AM »
 

trinidad

All opinions expressed and all advice given by Trinidad Cruz on this forum are his responsibility alone and do not necessarily reflect the views or methods of the developers of Linux Lite. He is a citizen of the United States where it is acceptable to occasionally be uninformed and inept as long as you pay your taxes.
 

Re: libxz backdoors in upstream versions
« Reply #3 on: April 02, 2024, 07:19:55 AM »
 

Şerban S.

Thanks for the warning!

This is what I got running the script:

Code:
Checking system for CVE-2024-3094 Vulnerability...
https://nvd.nist.gov/vuln/detail/CVE-2024-3094

Checking for function signature in liblzma...
Function signature in liblzma: OK

Checking xz version using dpkg package manager...
xz version 5.2.5-2ubuntu1: OK

For now, it's OK, but trails might go on some time. Probably the best line of work here is to update any package as soon as it gets notified.
Some low-level backup might also help. Just in case...

Best regards, Șerban.
 

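The version check whose output appears in the post above can be sketched as follows. This is an added example, not the script from the linked article: it assumes the affected upstream releases are 5.6.0 and 5.6.1 (CVE-2024-3094), and the helper names `upstream_version` and `classify_xz` are hypothetical. The `+really` case covers Debian's rollback packaging, where a plain prefix match on the package string would misreport.

```shell
#!/usr/bin/env bash
# Added example (not the linked script). CVE-2024-3094 affects upstream
# xz/liblzma releases 5.6.0 and 5.6.1; package strings wrap that version.

# Reduce a distro package version to the upstream xz version it ships.
upstream_version() {
    local v="$1"
    v="${v#*:}"                           # drop an epoch such as "1:"
    case "$v" in
        *+really*) v="${v##*+really}" ;;  # Debian rollback: real version follows
    esac
    v="${v%-*}"                           # drop the packaging revision
    v="${v%%[+~]*}"                       # drop suffixes such as "+dfsg" or "~rc1"
    printf '%s\n' "$v"
}

# Print AFFECTED or OK for one package version string.
classify_xz() {
    case "$(upstream_version "$1")" in
        5.6.0|5.6.1) echo "AFFECTED" ;;
        *)           echo "OK" ;;
    esac
}

# First sample is from the post above; the rest are constructed test inputs.
for sample in "5.2.5-2ubuntu1" "5.6.1-1" "5.6.0-0.2" \
              "5.6.1+really5.4.5-1" "1:5.6.1-2"; do
    printf '%-24s %s\n' "$sample" "$(classify_xz "$sample")"
done

# On a dpkg-based system, check the installed package as well.
if command -v dpkg-query >/dev/null 2>&1; then
    installed="$(dpkg-query -W -f='${Version}' xz-utils 2>/dev/null || true)"
    if [ -n "$installed" ]; then
        echo "installed xz-utils $installed: $(classify_xz "$installed")"
    fi
fi
```

A package version of OK only covers distro-installed copies; a liblzma built from a release tarball outside the package manager is not seen by this check.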
Re: libxz backdoors in upstream versions
« Reply #2 on: April 01, 2024, 10:37:19 AM »
 

trinidad

I heard about this last week but now the community has addressed the issue. Nothing I run was affected and Ubuntu and Debian both announced their Stable OS versions were not affected. Interesting article also listing distros affected at the link below.

https://www.helpnetsecurity.com/2024/03/31/xz-backdoored-linux-affected-distros/

The link below is to the guy who discovered the vulnerability. It also provides a vulnerability checking bash script which I ran on all my systems.

https://codenotary.com/blog/backdoor-in-upstream-xz

Just another reason why running Ubuntu LTS and/or Debian Stable is your best bet. TC
 

libxz backdoors in upstream versions
« Reply #1 on: April 01, 2024, 10:35:59 AM »
 

trinidad

I heard about this last week but now the community has addressed the issue. Nothing I run was affected and Ubuntu and Debian both announced their Stable OS versions were not affected. Interesting article also listing distros affected at the link below.

https://www.helpnetsecurity.com/2024/03/31/xz-backdoored-linux-affected-distros/

The link below is to the guy who discovered the vulnerability. It also provides a vulnerability checking bash script which I ran on all my systems.

https://codenotary.com/blog/backdoor-in-upstream-xz

Just another reason why running Ubuntu LTS and/or Debian Stable is your best bet. TC
« Last Edit: April 01, 2024, 10:38:38 AM by trinidad »
 

 
