Here is how you can check if you're running the affected version:
xz --version
Heads up if using the testing / unstable version of Debian, Ubuntu, NixOS or other Linux OS based on these, there is malicious code in the latest xz package: https://www.openwall.com/lists/oss-security/2024/03/29/4
>The malicious injection present in the xz versions 5.6.0 and 5.6.1
>Luckily xz 5.6.0 and 5.6.1 have not yet widely been integrated by linux distributions, and where they have, mostly in pre-release versions.
Running stable versions are fine:
₿ xz --version
xz (XZ Utils) 5.4.1
liblzma 5.4.1
Discussion
No replies yet.