Critical Backdoor Vulnerability Discovered in XZ Libraries
Written on
Chapter 1: Overview of the Vulnerability
This article highlights a significant security flaw impacting many Linux distributions. The issue lies within the XZ libraries, widely utilized for data compression. A malicious backdoor has been embedded in the source code, which could allow unauthorized access to compromised systems.
Affected Systems and Versions
The following Linux distributions and their respective versions have been identified as vulnerable:
- Red Hat: Fedora Rawhide is affected; Fedora Linux 40 remains unaffected.
- Debian: Testing and Unstable branches (versions from 5.5.1 alpha to 5.6.1).
- Arch Linux: All installations between February 24, 2024, and March 28, 2024 (including container images).
- Ubuntu: Potential risks in the forthcoming 24.04 beta images (currently under investigation).
Unaffected Systems
As per the latest information, the following systems are not impacted:
- Debian Stable versions
- Ubuntu (current versions as of March 31, 2024)
Notably, I tested my own Ubuntu version and confirmed it uses an older release of the XZ libraries that does not contain this backdoor. If you are operating Fedora Rawhide, it is strongly recommended to switch to a different version or update immediately. For desktop users, an immediate update is advisable regardless of the system version. The exploitability of this backdoor is too significant to ignore.
How the Backdoor Operates
The backdoor was cunningly concealed within a seemingly innocuous script added to the XZ source code. The script runs during the build process and embeds malicious code into the resulting library; that code can provide unauthorized remote access via the SSH server.
How to Identify Vulnerable Systems
To check if your system is vulnerable, execute the following command in your terminal:
xz --version
This command prints the installed version of XZ Utils (the command name is lower-case). If the output shows version 5.6.0 or 5.6.1, your system may be at risk.
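As an added example that is not part of the original article, the following POSIX shell script wraps the version check above: it parses the output of `xz --version` and flags the 5.6.0 and 5.6.1 releases the article names. The function names and the sample output string are my own assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): flag an installed xz whose
# version is 5.6.0 or 5.6.1, the releases the article identifies as at risk.

# Return 0 (true) when the given version string is one of the risky releases.
xz_version_at_risk() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Extract the version number from `xz --version` output. The first line of
# that output has the form "xz (XZ Utils) 5.6.1"; we take its last field.
# Prints nothing if the first line has no space-separated version field.
parse_xz_version() {
    printf '%s\n' "$1" | sed -n '1s/.* //p'
}

# Verdict for a full `xz --version` output: "AT-RISK", "OK" or "UNKNOWN".
classify_xz_output() {
    ver=$(parse_xz_version "$1")
    if [ -z "$ver" ]; then
        echo "UNKNOWN"
    elif xz_version_at_risk "$ver"; then
        echo "AT-RISK"
    else
        echo "OK"
    fi
}

# Constructed sample output, as a build of the affected release would report it.
SAMPLE_BAD='xz (XZ Utils) 5.6.1
liblzma 5.6.1'

# Constructed sample output for an older, unaffected release.
SAMPLE_OK='xz (XZ Utils) 5.4.5
liblzma 5.4.5'

# Run the check against the live system when xz is installed.
check_installed_xz() {
    if command -v xz >/dev/null 2>&1; then
        classify_xz_output "$(xz --version 2>/dev/null)"
    else
        echo "UNKNOWN"
    fi
}
```

Run `check_installed_xz` from a shell that has sourced the script to get the verdict for the machine you are on.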
Recommendations
- Update Immediately: The most crucial step is to update your system without delay. Install the latest security patches available from your distribution’s repository.
- Cease Use of Unpatched Systems: If immediate updating isn’t feasible, refrain from using the affected system to mitigate the risk of remote access.
- Verify SSH Security: During the update process, consider disabling the SSH server to prevent potential exploitation through the backdoor.
- Stay Informed: This is a rapidly changing situation. Regularly follow trusted security sources for updates and guidance.
Conclusion
The vulnerability in XZ libraries represents a serious security threat to Linux systems. By adhering to the recommendations provided, you can reduce the risk and safeguard your system against unauthorized access. Staying updated on the latest security threats and promptly applying patches is essential for maintaining a secure computing environment.
I want to stress the importance of timely updates and good security practices. This incident serves as a crucial reminder of the open-source community's vital role in recognizing and addressing vulnerabilities. Users must remain vigilant and proactive in securing their systems.
Additional Considerations:
- Supply Chain Attacks: This vulnerability highlights the increasing threat of supply chain attacks, where malicious actors target software development tools and libraries to inject backdoors.
- Exploitation Timelines: Acting quickly upon discovering vulnerabilities is critical, as attackers can exploit these weaknesses within minutes or hours.
- Multi-Layered Defense: A comprehensive security strategy is essential. Regular system updates, firewalls, intrusion detection systems, and user education are key components of effective protection.
By staying informed, promptly applying updates, and implementing strong security measures, we can collectively mitigate risks and protect our systems from potential threats.
Special thanks to SavvyNik from YouTube for bringing this issue to light; he is an excellent resource for all things related to Linux.
Resources:
- SavvyNik YouTube Video
- The Original Openwall Post
- Version Checker for Different Linux Distributions
- SameSame’s Explanations and Fixes from his GitHub
Chapter 2: Understanding the Backdoor
The first video titled "Malicious SSH BACK DOOR Found in XZ on Linux" discusses the implications of this backdoor and how it operates.
The second video, "Unveiling the xz Utils Backdoor," delves into how this backdoor intentionally compromises SSH connections, enabling remote code execution.