Attention about the Fedora Magazine article that elaborates this case: The article contained misleading information and still indicates misleading points after its update: If you have any F40 - including Beta - your “testing” branches are enabled by default: this means, any F40 has to be assumed to be affected and thus needs to follow the advice for mitigation below (please read the update 3 below). Communication between development and the magazine is unfortunately broken at the moment. The x...
Bad title. This is CVE-2024-3094. Run “xz --version” to see if you are affected.
“Run the affected binary to see if you have it”
AFAIK it’s better to use `rpm -q xz xz-libs` (copied from the forum replies) to avoid running `xz` itself just in case the affected version is already installed
If you are checking out the extent of damage on your system do not use `ldd` to check the links. You can inadvertently execute the exploit this way.
If you go to the post, on the comments, there is someone that is already telling you to run `dnf list xz --installed`. So you don’t need to run `xz` directly.
Yeah that’s just the title from the thread over on the Fedora forum
Can’t you edit it?
Yes but that would be disingenuous. The current title better captures the urgency of the situation