XZ Vulnerability Mitigation

Details on mitigating the XZ vulnerability in Aegix Linux.

Now You Can Just Update

This can now be mitigated simply by updating. After the update, the installed package looks like this:

🪶Aegix:[beach✨byzantium ~]$ pacman -Qn xz
xz 5.6.1-3

XZ Vulnerability Mitigation

Hey.. so the xz vulnerability is a real thing.

Run this in your terminal to check your version:

xz --version

Versions 5.6.0 and 5.6.1 are vulnerable.

On an Arch-based system like Artix (or Aegix), look for a previously installed version in the package cache like this:

ls /var/cache/pacman/pkg/xz-*

Then downgrade like this:

pacman -U /var/cache/pacman/pkg/xz-5.4.6-1-x86_64.pkg.tar.zst

Then check your version again.
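The check-and-downgrade steps above as one script. This is an added example, not part of the original page or Aegix tooling; the function names are hypothetical and it assumes GNU `sort -V`. It matches on the upstream version only, and `xz --version` prints only the upstream version, so the updated 5.6.1-3 package shown at the top of this page still matches and has to be told apart by its full `pacman -Q` version.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not Aegix tooling.

# True when the upstream part of a version is one the page lists as
# vulnerable. Accepts "5.6.1" or pacman-style "5.6.1-3" (pkgrel dropped).
is_affected_upstream() {
    case "${1%%-*}" in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Extract pkgver from a cache path like .../xz-5.4.6-1-x86_64.pkg.tar.zst
pkgver_from_file() {
    name=${1##*/}      # drop the directory
    name=${name#xz-}   # drop the package name
    printf '%s\n' "${name%%-*}"
}

# Read cache paths on stdin; print the newest package whose upstream
# version is not affected. Detached .sig files are skipped.
pick_downgrade() {
    while IFS= read -r f; do
        case "$f" in *.sig) continue ;; esac
        v=$(pkgver_from_file "$f")
        is_affected_upstream "$v" || printf '%s %s\n' "$v" "$f"
    done | sort -V | tail -n 1 | cut -d' ' -f2-
}

# Live check, only where pacman exists.
if command -v pacman >/dev/null 2>&1; then
    installed=$(pacman -Q xz 2>/dev/null | cut -d' ' -f2)
    if is_affected_upstream "$installed"; then
        # Upstream match only: compare the full pkgver-pkgrel with the
        # updated package before deciding to downgrade.
        echo "xz $installed has an affected upstream version"
        candidate=$(ls /var/cache/pacman/pkg/xz-* 2>/dev/null | pick_downgrade)
        echo "cached downgrade candidate: ${candidate:-none found}"
    else
        echo "xz $installed is not an affected upstream version"
    fi
fi
```
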

This is the most legit open source backdoor I’ve ever seen.. https://nvd.nist.gov/vuln/detail/CVE-2024-3094

research!rsc Timeline of the xz open source attack

Last modified April 9, 2024: 04/09/24 23:15:20 (e6d0788)