Linux admins living in fear of the XZ backdoor can get some relief

Binarly’s scanner will reduce the time you spend searching and false positives

Thanks to a curious and skilled engineer named Andres Freud, Linux administrators now live in a nightmare world. He discovered a backdoor in the XZ Utils package, which contains many tools and libraries at the heart of Linux distributions. Generally speaking, the solution is to keep the previous version of XZ Utils, since the 5.4.6 stable version does not have this flaw. However, those upgrading to XZ version 5.6.0 or 5.6.1 will need to do actual searches via vbyte strings, file hashes, and other techniques to detect which vulnerabilities exist on their systems.

Binarly has designed a tool that can automatically detect the XZ backdoor, which will analyze your binary to identify tampering with transformations in GNU indirect functions. Not only does this reduce the time you spend searching for vulnerabilities in your system, it’s also more accurate than a manual process. It also scans outside of XZ Utils to detect if you have been penetrated and if the attacker has turned some of your other utilities into a backdoor.

You can read more about the tool’s capabilities at Bleeping Computer, or go directly to xz.fail to start protecting your system.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *