Here are the affected distributions:
https://www.helpnetsecurity.com/2024/03/29/cve-2024-3094-linux-backdoor/
March 29, 2024
Which distros are affected?
Red Hat says that the vulnerable packages are present in Fedora 41 and Fedora Rawhide, and have urged users of those distros to immediately stop using them.
"If you are using an affected distribution in a business setting, we encourage you to contact your information security team for next steps," they said, and added that no versions of Red Hat Enterprise Linux (RHEL) are affected.
SUSE has released a fix for openSUSE users.
Debian says no stable versions of the distro are affected, but that compromised packages were part of the Debian testing, unstable and experimental distributions, and users of those should update the xz-utils packages.
"The malicious code found in the latest versions of the xz libraries show just how critical it is to have a vigilant and veteran Linux security team monitoring software supply chain channels," Vincent Danen, VP, Product Security at Red Hat, told Help Net Security.
"Red Hat, along with CISA and other Linux distributions, were able to identify, assess and help remediate this potential threat before it posed a significant risk to the broader Linux community."
CISA has advised developers and users to downgrade XZ Utils to an uncompromised version (e.g., XZ Utils 5.4.6 Stable) and to hunt for any malicious activity and report any positive findings to the agency.
UPDATE: Friday, March 29, 15:06 ET
Kali Linux announced that the impact of this vulnerability affected Kali between March 26th and March 29th. If you updated your Kali installation on or after March 26th, applying the latest updates today is crucial to address this issue. However, if you did not update your Kali installation before the 26th, you are not affected by this backdoor vulnerability.
I don't use RedHat/CentOS/others[1], but it looks like you use dnf to update (as root, or with sudo).
Post a reply if you know. I remember the days of "yum" (it came from YellowDog Linux, hence the Y)
Debian-like systems:
https://linuxhandbook.com/update-debian/
If you want to update a Debian Linux system, here's what you need to do.
Update the local package database cache with:
sudo apt update
And then update all the installed software, kernel and other system components at once using:
sudo apt upgrade
Press the Y key when you are asked to confirm.
Combine the above two commands
Alternatively, you can combine the above two commands with the help of the && operator. You can also provide the confirmation automatically using -y:
sudo apt update && sudo apt upgrade -y
Homebrew (commonly used on macOS)
https://osxdaily.com/2021/02/13/how-update-homebrew-mac/
How to Update Homebrew
Updating Homebrew is pretty straightforward:
brew update
This updates Homebrew itself.
You can then upgrade all individual packages and formula with the following:
brew upgrade
Don't know if this affects BSD distributions, but here's the original post:
https://www.openwall.com/lists/oss-security/2024/03/29/4
It includes a downloadable shell script to detect vulnerabilities, but it requires the ldd command, which Mac users can get with the command-line utils. It's not in the shipped OS. It's worth reading, actually.
#!/bin/bash
set -eu
# find path to liblzma used by sshd
# (the "|| true" keeps set -e from aborting silently when sshd is not found
# or is not linked against liblzma, so the empty-path check below is reached)
path="$(ldd "$(which sshd)" | grep liblzma | grep -o '/[^ ]*' || true)"
# does it even exist?
if [ "$path" == "" ]
then
    echo probably not vulnerable
    exit
fi
# check for function signature
if hexdump -ve '1/1 "%.2x"' "$path" | grep -q f30f1efa554889f54c89ce5389fb81e7000000804883ec28488954241848894c2410
then
    echo probably vulnerable
else
    echo probably not vulnerable
fi
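An added example, not part of the oss-security post: the same signature check applied directly to liblzma files in directories you name, so it needs neither ldd nor an sshd that links liblzma, and it only matches on byte boundaries. The function names and the directories passed on the command line are assumptions; the signature is the one from the script above.

```shell
#!/bin/sh
# Added example (not the script from the oss-security post).
# Signature copied from the detection script on this page.
SIG=f30f1efa554889f54c89ce5389fb81e7000000804883ec28488954241848894c2410

# has_sig FILE [HEXSIG]: succeed if FILE contains the bytes HEXSIG
# (hypothetical helper; HEXSIG defaults to $SIG).
has_sig() {
    [ -r "$1" ] || return 2
    # Rewrite "4142" as " 41 42": one token per byte, so a match can only
    # start on a byte boundary (a plain hex-string grep can match mid-byte).
    needle=$(printf '%s' "${2:-$SIG}" | tr 'A-F' 'a-f' | sed 's/../ &/g')
    od -An -v -tx1 "$1" | tr '\n' ' ' | tr -s ' ' | grep -qF -- "$needle"
}

# scan_liblzma DIR...: print every liblzma file in the given directories
# that contains $SIG; succeed if at least one was found.
scan_liblzma() {
    found=1
    for dir in "$@"; do
        for f in "$dir"/liblzma.so* "$dir"/liblzma*.dylib; do
            # Skip glob patterns that matched nothing.
            [ -f "$f" ] || continue
            if has_sig "$f"; then
                echo "probably vulnerable: $f"
                found=0
            fi
        done
    done
    return "$found"
}

# Usage (directories are examples): sh scan.sh /usr/lib /usr/lib64 /usr/local/lib
if [ "$#" -gt 0 ]; then
    scan_liblzma "$@" || echo "probably not vulnerable"
fi
```

A file reached through several symlinks is reported once per name.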
[1] Alternatives to RedHat which are similar:
https://www.makeuseof.com/best-red-hat-based-linux-distros/
Noted at Wikipedia already
https://en.wikipedia.org/wiki/XZ_Utils#cite_note-Freund-3
Corrections welcome.