Urgent: serious backdoor impacts major Linux distros Fedora, Kali, openSUSE, Debian
DegenRocket has summarized the info & given you a simple command to check if your Linux machine is vulnerable:
This is why I run good ol' Debian Stable.
Slower is sometimes better. :-)
This particular backdoor, as far as anyone knows, only affects Debian and derivatives and Fedora. Arch ftw.
yeah bro arch ftw… but you better update your rolling thing asap
Actually, I had read that Arch is affected, and current advice was to update
https://archlinux.org/news/the-xz-package-has-been-backdoored/
You’ll probably want to move up to 5.6.1-2 out of an abundance of caution, as recommended here https://security.archlinux.org/CVE-2024-3094
so you should check if you’re running xz version 5.6.0 or 5.6.1
xz -V
I read somewhere that you should avoid starting xz if you don’t have to and therefore should use, for example,
apt-show-versions xz-utils
(Though this was two days ago and might not be relevant anymore; I am not a dev.)
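The check discussed in the thread, as an added example that is not part of any post: it reads the installed version from the package database instead of running xz, and flags upstream 5.6.0 and 5.6.1. The package names queried (xz-utils, liblzma5, xz, xz-libs) and all function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): read the installed xz / liblzma package
# version from the package database, so the xz binary is never executed.

# Strip a leading epoch ("1:") and the package revision ("-1", "-2.fc40").
upstream_version() {
    v=${1#*:}
    printf '%s\n' "${v%%-*}"
}

# assess VERSION [MANAGER] -> "flagged", "arch-advised" or "not-flagged".
# 5.6.0 and 5.6.1 are the releases named in the thread; the Arch advisory
# linked there recommends 5.6.1-2, so that pkgrel or later is reported apart.
assess() {
    up=$(upstream_version "$1")
    case $up in
        5.6.0|5.6.1) ;;
        *) echo not-flagged; return 0 ;;
    esac
    rel=
    case $1 in *-*) rel=${1##*-}; rel=${rel%%.*} ;; esac
    if [ "${2:-}" = pacman ] && [ "$up" = 5.6.1 ] && [ "${rel:-0}" -ge 2 ] 2>/dev/null; then
        echo arch-advised
    else
        echo flagged
    fi
}

# Print "manager package version" lines; package names are assumptions.
installed_versions() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='dpkg ${Package} ${Version}\n' xz-utils liblzma5 2>/dev/null
    elif command -v rpm >/dev/null 2>&1; then
        rpm -q --qf 'rpm %{NAME} %{VERSION}-%{RELEASE}\n' xz xz-libs liblzma5 2>/dev/null |
            grep '^rpm '
    elif command -v pacman >/dev/null 2>&1; then
        pacman -Q xz 2>/dev/null | sed 's/^/pacman /'
    fi
}

report() {
    installed_versions | while read -r mgr name ver; do
        [ -n "$ver" ] || continue   # known to the database but not installed
        printf '%s %s: %s\n' "$name" "$ver" "$(assess "$ver" "$mgr")"
    done
}

report
```

A `flagged` result only means the upstream release matches; whether a given package revision is patched is for the distribution's advisory to say.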