If you have been on the internet recently, you probably already know what happened with the XZ vulnerability. Basically, this vulnerability was introduced very recently, and not all distros are affected by it.
Only versions 5.6.0 and 5.6.1 are affected. So if you aren't using these and you haven't upgraded recently, you are safe.
If you are an Ubuntu user, this shouldn't affect you, as the most recent version of xz available for Ubuntu is version 5.4.
Still, I'll document here how to detect and downgrade specific packages if something like this occurs.
The package that was the problem is the xz-utils package.
First, we have to find out which version we are using.
We can do that with any of the following commands:
xz --version
or
apt-cache showpkg xz-utils
or
apt-cache policy xz-utils
If the currently used version is 5.6.0 or 5.6.1, we'll have to downgrade.
To downgrade, we first need to know which versions are available.
We can do that using
apt search xz-utils
Once we've selected a version to downgrade to, we can downgrade with
sudo apt-get install xz-utils=<version>
For example:
sudo apt-get install xz-utils=5.2.5-2ubuntu1
Although it is not recommended, if you want to hold automatic upgrades for this package, you can do it like this:
sudo apt-mark hold xz-utils
To revert the hold, use:
sudo apt-mark unhold xz-utils
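The version check from the steps above as a script (an added example, not part of the original post): it reads the installed xz-utils and liblzma5 versions with dpkg-query and flags only 5.6.0 and 5.6.1. The function names, the script name, the liblzma5 package name (the library package on Debian and Ubuntu) and the "+really" handling are not from the post; the last covers Debian-style versions such as 5.6.1+really5.4.5-1, which contain 5.6.1 in the string but ship 5.4.5 code.

```shell
#!/bin/sh
# Added example: flag xz-utils / liblzma5 packages built from the affected
# upstream releases named in the post (5.6.0 and 5.6.1).

# upstream_version VERSION: print the upstream code version of a Debian-style
# package version string.
upstream_version() {
    v=${1#*:}                 # drop an epoch such as "1:"
    v=${v%-*}                 # drop the Debian revision such as "-2ubuntu1"
    case $v in                # "X+reallyY" means the package ships Y
        *+really*) v=${v##*+really} ;;
    esac
    v=${v%%[!0-9.]*}          # drop suffixes such as "+dfsg" or "~beta"
    printf '%s\n' "$v"
}

# xz_affected VERSION: succeed (exit 0) only for 5.6.0 and 5.6.1.
xz_affected() {
    case $(upstream_version "$1") in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# check_installed: report both packages; returns 1 if either is affected.
# liblzma5 is the library package name on Debian/Ubuntu (assumes an apt system).
check_installed() {
    command -v dpkg-query >/dev/null 2>&1 || { echo "dpkg-query not found" >&2; return 2; }
    status=0
    for pkg in xz-utils liblzma5; do
        # One line per installed architecture; the first one is enough here.
        ver=$(dpkg-query -W -f='${Version}\n' "$pkg" 2>/dev/null | head -n 1)
        [ -n "$ver" ] || continue
        if xz_affected "$ver"; then
            echo "$pkg $ver: AFFECTED, downgrade as described above"
            status=1
        else
            echo "$pkg $ver: not an affected version"
        fi
    done
    return "$status"
}

# Run the live check only when asked (hypothetical file name):
#   sh check_xz.sh --check
if [ "${1:-}" = "--check" ]; then
    check_installed
    exit $?
fi
```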
You can follow this for more specific instructions for other distros.