How to quickly check if your #linux system may be affected by the recent XZ utils backdoor.
Update: (thx @scy) I've been advised not to run "xz --version" because the full extend of this backdoor is still being researched. Instead use your package manager to check the version, i.e. for apt that would be:
apt list liblzma5
very bad: versions 5.6.0 or 5.6.1
5.4.6. or earlier - probably ok, no one knows for sure right now, keep an eye out for updates
@chris Hi. Fwiw, whist using the xz --version string will suffice for many distros, it's inadequate for #Arch based ones, as here the important detail is revealed by the 4th significant figure, whereas version only reports the first 3.
@chris Note that by doing this, you're actually running xz, a binary which the attacker has had under their control for years, and which may include more malware than we currently know about.
It has not yet been analyzed fully. Versions older than 5.6 might have been manipulated, too. We don't know yet.
This is bad advice.
The correct way to check would be to ask your package manager which version is installed.