
A backdoor (malware) in your Linux (xz) (CVE-2024-3094)?

Info:

The information in this article is taken from this video by Adrien Linuxtricks (video in French):


This article doesn't give me any money and I'm writing it for free!


For additional information on this article, please watch the video below (with subtitles if you do not speak French).


To begin with, what is xz?

Xz is a file compression system like .zip or .rar but faster and lighter. Xz is used in almost all Linux distributions.

The problem:

Recently, the xz developers published versions 5.6.0 and 5.6.1. A Linux user decided to analyze the source code and found no problem there; he then downloaded the "build" of xz in versions 5.6.0 and 5.6.1. He noticed two problems. Problem number 1: the source code and the "build" of xz in these two versions were different. Problem number 2: the "build" of xz contained a "backdoor", malicious code ("malware") that gives the creator of the virus access to your computer.

Note:

Only versions 5.6.0 and 5.6.1 of xz contain this malicious code. If your Linux contains an earlier version of xz your computer is not at risk.


To find out your version of xz, open your terminal and run the command below. Check the version it prints, not the version of the xz package:

xz --version
Attention:

The list of affected and unaffected distributions dates from 03/30/2024, so please check the version of your xz for yourself (reminder: only versions 5.6.0 and 5.6.1 are the infected versions).


If your Linux distribution is not in these lists, please check the version of your xz for yourself (reminder: only versions 5.6.0 and 5.6.1 are the infected versions)
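
The check described above can be scripted. This is an added example, not code from the original article or the video; the function names `extract_versions` and `classify_xz` and the sample outputs are constructed for illustration. It reads both lines that `xz --version` prints (one for the xz tool, one for the liblzma library) and compares them with the two versions named in this article.

```sh
#!/bin/sh
# Added example: classify `xz --version` output against the two versions
# this article names as infected (5.6.0 and 5.6.1).

# Print every version number found in `xz --version`-style text,
# one per line (the "xz (XZ Utils)" line and the "liblzma" line).
extract_versions() {
    printf '%s\n' "$1" | sed -n \
        -e 's/^xz (XZ Utils) \([0-9][0-9.]*\).*/\1/p' \
        -e 's/^liblzma \([0-9][0-9.]*\).*/\1/p'
}

# Echo "affected", "not-affected" or "unknown" for the given text.
# "unknown" means no version line could be parsed, so check by hand.
classify_xz() {
    versions=$(extract_versions "$1")
    [ -n "$versions" ] || { echo unknown; return; }
    for v in $versions; do
        case "$v" in
            5.6.0|5.6.1) echo affected; return ;;
        esac
    done
    echo not-affected
}

# Constructed sample outputs (not captured from a real system).
SAMPLE_BAD='xz (XZ Utils) 5.6.1
liblzma 5.6.1'
SAMPLE_OK='xz (XZ Utils) 5.4.5
liblzma 5.4.5'

echo "sample 5.6.1: $(classify_xz "$SAMPLE_BAD")"
echo "sample 5.4.5: $(classify_xz "$SAMPLE_OK")"

# On a real machine, classify the installed xz if there is one.
if command -v xz >/dev/null 2>&1; then
    echo "installed xz: $(classify_xz "$(xz --version 2>/dev/null)")"
else
    echo "xz not found in PATH"
fi
```
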


Most of the distribution names below are registered trademarks (®️) or copyrighted (©️).

List of affected Linux distributions:

  • Fedora 40 (xz version: 5.6.0 / 5.6.1)
  • openSUSE Tumbleweed rolling release (xz version: 5.6.1)
  • Debian testing / unstable / experimental (update your system NOW to fix) (xz version: 5.6.0 / 5.6.1)
  • Kali Linux latest version (xz version: 5.6.0 / 5.6.1)
  • Gentoo testing (xz version: 5.6.0)
  • Arch Linux latest version (xz version: 5.6.0 / 5.6.1)

List of unaffected Linux distributions:

  • Red Hat Enterprise Linux 8, 9 and earlier (derivatives (AlmaLinux, ...) included) (xz version: 5.2 and earlier)
  • Fedora 38, 39 and earlier (xz version: 5.4.4, 5.4.1 and earlier)
  • SUSE Linux Enterprise 15 service pack 15 and earlier (xz version: 5.2 and earlier)
  • openSUSE Leap 15.5 and earlier (xz version: 5.2 and earlier)
  • Debian stable (xz version: 5.4.1)
  • Ubuntu 24.04 LTS and earlier, and distributions based on it (xz version: 5.4.5 and earlier)
  • Gentoo (xz version: 5.4.2)

Now, how do you solve this problem?

Option 1: Update your Linux:

Info:

If you are not comfortable with your Linux terminal, an application called "Update system" or "Upgrade system" can also do the update automatically.


If you cannot find this application, neither on your computer, nor on the official website of your Linux distribution, you will have to use the following commands.

In case you want or are required to use the terminal to update:

Ubuntu, Debian, ...:

sudo apt update -y && sudo apt upgrade -y

Fedora, ...:

sudo dnf update
sudo dnf upgrade

Option 2: Reinstall the OS:

Yes, if the update doesn't fix the problem, you can reinstall your Linux. Don't forget to back up your documents.