Malware question (xz-utils compromised)

Chat about Linux in general
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 6 months after creation.
Post Reply
playon51
Level 1
Level 1
Posts: 19
Joined: Wed May 05, 2021 2:44 pm

Malware question (xz-utils compromised)

Post by playon51 »

I wondered if any of the more technical people here can help me understand this, and whether or not it is a matter of concern to Linux Mint users?

It sounds like if you are not using cutting-edge beta releases you are OK?

---------------------------------------------------------------------------------------------------

https://www.bleepingcomputer.com/news/s ... ux-binary/

From the site:

"Firmware security firm Binarly has released a free online scanner to detect Linux executables impacted by the XZ Utils supply chain attack, tracked as CVE-2024-3094.

CVE-2024-3094 is a supply chain compromise in XZ Utils, a set of data compression tools and libraries used in many major Linux distributions.

Late last month, Microsoft engineer Andres Freud discovered the backdoor in the latest version of the XZ Utils package while investigating unusually slow SSH logins on Debian Sid, a rolling release of the Linux distribution.

The backdoor was introduced by a pseudonymous contributor to XZ version 5.6.0, which remained present in 5.6.1. However, only a few Linux distributions and versions following a "bleeding edge" upgrading approach were impacted, with most using an earlier, safe library version."
Last edited by karlchen on Tue Apr 02, 2024 5:52 pm, edited 2 times in total.
Reason: Thread moved to "Chat about Linux", because this is not a support request, nor is the problem Mint specific
User avatar
Pjotr
Level 24
Level 24
Posts: 20033
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland) 🇳🇱
Contact:

Re: Malware question

Post by Pjotr »

Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
User avatar
SMG
Level 25
Level 25
Posts: 31668
Joined: Sun Jul 26, 2020 6:15 pm
Location: USA

Re: Malware question

Post by SMG »

playon51 wrote: Tue Apr 02, 2024 4:33 pm I wondered if any of the more technical people here can help me understand this, and whether or not it is a matter of concern to Linux Mint users?

It sounds like if you are not using cutting-edge beta releases you are OK?
You also have to be using ssh. Please also see this topic [SOLVED] Question about SSH defaults and security on Mint
Image
A woman typing on a laptop with LM20.3 Cinnamon.
Post Reply

Return to “Chat about Linux”