Responding to XZ-Utils Vulnerability

Hello Everyone - liblzma is an encryption library used by OpenSSH, the default SSH server used in the Linux world. Based on reports from Debian and NIST, malicious code gets injected during build time, which for most of us is during the fresh installation of our OS. Versions 5.6.0 and 5.6.1 are known to be impacted. Below you will find the output I received from my Debian 11 device.

$ xz -V
xz (XZ Utils) 5.2.5
liblzma 5.2.5

Based on the output above, I am on version 5.2.5. This is consistent with the Debian Security Advisory that Debian Test & Debian Unstable were the only branches impacted. If you need to downgrade or patch, the following command should work within Debian Unstable.

apt update && apt install liblzma5=5.6.1+really5.4.5-1
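
The version check above, turned into a script, as an added example that is not part of the original post: it classifies both the `xz -V` output and a Debian package version, and handles the `+really` convention, under which a package versioned 5.6.1+really5.4.5-1 actually carries upstream 5.4.5 and must not be flagged. The function names and the `liblzma5` package queried through `dpkg-query` are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): decide whether an xz/liblzma
# version string refers to one of the impacted releases, 5.6.0 or 5.6.1.

# upstream_version STRING: print the effective upstream version of a Debian
# package version or of a plain `xz -V` version.
upstream_version() {
    v=$1
    v=${v#*:}                       # drop an epoch such as "1:"
    case $v in
        *+really*) v=${v##*+really} ;;   # real version follows "+really"
    esac
    v=${v%%-*}                      # drop the Debian revision ("-1")
    v=${v%%[+~]*}                   # drop suffixes such as "+dfsg" or "~beta"
    printf '%s\n' "$v"
}

# is_impacted STRING: exit status 0 only for 5.6.0 and 5.6.1.
is_impacted() {
    case $(upstream_version "$1") in
        5.6.0|5.6.1) return 0 ;;
        *)           return 1 ;;
    esac
}

# liblzma_from_xz_v: read `xz -V` output on stdin, print the liblzma version.
liblzma_from_xz_v() {
    awk '$1 == "liblzma" { print $2; exit }'
}

# report LABEL STRING: print one verdict line.
report() {
    if is_impacted "$2"; then
        printf '%s %s: IMPACTED (5.6.0/5.6.1)\n' "$1" "$2"
    else
        printf '%s %s: not an impacted version\n' "$1" "$2"
    fi
}

# Check this host: the library version xz reports, then the installed package.
if command -v xz >/dev/null 2>&1; then
    report "xz -V liblzma" "$(xz -V | liblzma_from_xz_v)"
fi
if command -v dpkg-query >/dev/null 2>&1; then
    pkg=$(dpkg-query -W -f='${Version}' liblzma5 2>/dev/null || true)
    if [ -n "$pkg" ]; then report "dpkg liblzma5" "$pkg"; fi
fi
```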

