[mdlug] info about the xz backdoor
Ron / BCLUG
admin at bclug.ca
Sun Mar 31 13:29:58 EDT 2024
(Fixed top-posting, hopefully kept proper attributions...)
Carl T. Miller wrote on 2024-03-31 08:57:
> On 3/31/24 11:05 AM, LAP wrote:
>>
>> Now do:
>> xz --version
> No! This command runs the xz executable, which
> you do NOT want to do if you don't know what
> version you're running.
The `xz` isn't where the payload exists, if one has an infected version.
This malware won't do anything just by running `xz` - it's far, far
craftier than that. (The malicious code was in the build utilities
which, in turn, affect sshd.)
> Instead use your package manager to find what
> version is installed.
Yeah, this is the Best Way™ to determine what's installed.
i.e.:
    apt policy xz-utils
    xz-utils:
      Installed: 5.2.5-2ubuntu1
      Candidate: 5.2.5-2ubuntu1
rb