• Welcome to Peterborough Linux User Group (Canada) Forum.
 

A backdoor discovered into bleeding edge versions of most Linux Distros

Started by ssfc72, April 07, 2024, 05:45:40 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

ssfc72

https://www.theverge.com/2024/4/2/24119342/xz-utils-linux-backdoor-attempt

From what I have read so far, this extremely bad vulnerability is only found in the the unstable versions of most Linux Distros and not present in the stable versions.

The  Ars Technica website has more info

https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/
Mint 20.3 on a Dell 14" Inspiron notebook, HP Pavilion X360, 11" k120ca notebook (Linux Lubuntu), Dell 13" XPS notebook computer (MXLinux)
Cellphone Samsung A50, Koodo pre paid service

Jason

Thanks for letting us know, Bill. The Ars Technica article also mentioned that Arch Linux stable was affected but that Arch isn't used in production systems. Our resident cod3poet might have words.

AT also notes the backdoor affects SSH specifically. If you're not sure if you're using it, you're likely not. It's a command-line tool for accessing Linux boxes. It sounds like someone caught it before it spread very far. Good for them but scary that it could have gone unnoticed if not for that volunteer.
* Zorin OS 17.1 Core and Windows 11 Pro on a Dell Precision 3630 Tower with an
i5-8600 3.1 GHz 6-core processor, dual 22" displays, 16 GB of RAM, 512 GB Nvme and a Geforce 1060 6 GB card
* Motorola Edge (2022) phone with Android 13