Are you affected by the 2024 backdoor in xz-utils?

⏰ Last updated 2024-03-31 13:48

Yesterday (2024-03-29) a backdoor was discovered in xz-utils 💔. It made the rounds on all social media opsec channels.

You can read the full disclosure here and. here.

As the only affected versions are 5.6.0 and 5.6.1, you can check if you are affected by running the gist below. on a fleet of servers.

If you are affected, you should upgrade to a newer version of xz-utils, or disable SSH on the affected servers.

Stay safe out there 🙃!