406
WARNING: Malicious code in current pre-release & testing versions/variants: F40 and rawhide affected - users of F40/rawhide need to respond
(discussion.fedoraproject.org)
this post was submitted on 29 Mar 2024
406 points (99.0% liked)
Linux
47287 readers
1142 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Bad title. This is CVE-2024-3094. Run "xz --version" to see if you are affected.
"Run the affected binary to see if you have it"
AFAIK it‘s better to use
rpm -q xz xz-libs(copied from the forum replies) to avoid runningxzitself just in case the affected version is already installedIf you go to the post, on the comments, there is someone that is already telling you to run
dnf list xz --installed. So you don't need to runxzdirectly.Yeah that's just the title from the thread over on the Fedora forum
Can't you edit it?
Yes but that would be disingenuous. The current title better captures the urgency of the situation
If you are checking out the extent of damage on your system do not use
lddto check the links.You can inadvertently executed the exploit this way.