LibsEatPoop [any]@hexbear.net to technology@hexbear.netEnglish · edit-28 months agoAll Linux users, check your XZ library. You might be infected.pinwww.cyberkendra.comexternal-linkmessage-square30fedilinkarrow-up173arrow-down10file-textcross-posted to: programming@zerobytes.monsterlinux@zerobytes.monsterdebian@zerobytes.monster
arrow-up173arrow-down1external-linkAll Linux users, check your XZ library. You might be infected.pinwww.cyberkendra.comLibsEatPoop [any]@hexbear.net to technology@hexbear.netEnglish · edit-28 months agomessage-square30fedilinkfile-textcross-posted to: programming@zerobytes.monsterlinux@zerobytes.monsterdebian@zerobytes.monster
minus-squareFaresh@lemmy.mllinkfedilinkEnglisharrow-up23·8 months agoDo not run xz --version. Instead check the version in your package manager.
minus-squareheyfrancis@lemmy.mllinkfedilinkEnglisharrow-up12·edit-28 months agodebian/ubuntu based distros: apt show xz-utils or dpkg -l | grep xz redhat/fedora-based: yum info xz dnf info xz arch-based: pacman -Qi xz EDIT: correction as suggested below
minus-squarepoweruser@lemmy.sdf.orglinkfedilinkEnglisharrow-up3·8 months agoOn my machine the package name is slightly different: apt show xz-utils
minus-squarebuckykat [none/use name]@hexbear.netlinkfedilinkEnglisharrow-up2·8 months ago5.4.1, my habit of putting off updates pays off again
minus-squareLibsEatPoop [any]@hexbear.netOPlinkfedilinkEnglisharrow-up5·8 months agoWhy is that? I know the latter gives you more info, but it’s still the same thing isn’t it?
minus-squareFaresh@lemmy.mllinkfedilinkEnglisharrow-up20·8 months agoBecause you are running the affected software. It’s a bad idea to run something if we are aware that it contains or relies on malicious code.
minus-squareLibsEatPoop [any]@hexbear.netOPlinkfedilinkEnglisharrow-up14·8 months agoOmg obviously. Can’t believe I didn’t realize that. Thanks for the answer.
Do not run
xz --version. Instead check the version in your package manager.debian/ubuntu based distros: apt show xz-utils or dpkg -l | grep xz redhat/fedora-based: yum info xz dnf info xz arch-based: pacman -Qi xzEDIT: correction as suggested below
On my machine the package name is slightly different:
apt show xz-utils
5.4.1, my habit of putting off updates pays off again
Why is that? I know the latter gives you more info, but it’s still the same thing isn’t it?
Because you are running the affected software. It’s a bad idea to run something if we are aware that it contains or relies on malicious code.
Omg obviously. Can’t believe I didn’t realize that. Thanks for the answer.