The xz package that has already entered the current F40 pre-release versions/variants and rawhide contains malicious code. This does NOT affect users of the Fedora releases (F38, F39 are thus not affected), but all users who use already F40 pre-release versions/variants or rawhide shall read this: Article: CVE details: https://access.redhat.com/security/cve/CVE-2024-3094 Be aware that this is CVE criticality 10: this is the highest risk factor. Also be aware that the header of the RH arti...
  • kaleissin@sopuli.xyz
    3334·
    3 months ago

    Bad title. This is CVE-2024-3094. Run “xz --version” to see if you are affected.

    • ryannathans
      831·
      3 months ago

      “Run the affected binary to see if you have it”

    • 1henno1@feddit.de
      64·
      3 months ago

      AFAIK it‘s better to use rpm -q xz xz-libs (copied from the forum replies) to avoid running xz itself just in case the affected version is already installed

    • ara@lemmy.ml
      55·
      3 months ago

      If you go to the post, on the comments, there is someone that is already telling you to run dnf list xz --installed. So you don’t need to run xz directly.

    • bitwolf@lemmy.one
      2·
      3 months ago

      If you are checking out the extent of damage on your system do not use ldd to check the links.

      You can inadvertently executed the exploit this way.