WARNING: Malicious code in current pre-release & testing versions/variants: F40 and rawhide affected - users of F40/rawhide need to respond

⸻ Ban DHMO 🇦🇺 ⸻ · 7 months ago

WARNING: Malicious code in current pre-release & testing versions/variants: F40 and rawhide affected - users of F40/rawhide need to respond

(discussion.fedoraproject.org)

kaleissin · 7 months ago

Bad title. This is CVE-2024-3094. Run “xz --version” to see if you are affected.

ryannathans · 7 months ago

“Run the affected binary to see if you have it”

1henno1 · 7 months ago

AFAIK it‘s better to use rpm -q xz xz-libs (copied from the forum replies) to avoid running xz itself just in case the affected version is already installed

ⲇⲅⲇ · 7 months ago

If you go to the post, on the comments, there is someone that is already telling you to run dnf list xz --installed. So you don’t need to run xz directly.

⸻ Ban DHMO 🇦🇺 ⸻ · 7 months ago

Yeah that’s just the title from the thread over on the Fedora forum

InnerScientist · 7 months ago

Can’t you edit it?

⸻ Ban DHMO 🇦🇺 ⸻ · 7 months ago

Yes but that would be disingenuous. The current title better captures the urgency of the situation

bitwolf · 7 months ago

If you are checking out the extent of damage on your system do not use ldd to check the links.

You can inadvertently executed the exploit this way.