{"id":584,"date":"2024-03-30T00:09:03","date_gmt":"2024-03-30T00:09:03","guid":{"rendered":"https:\/\/serverhost.com\/blog\/critical-security-flaw-alert-for-fedora-linux-40-41-and-rawhide-users-by-red-hat\/"},"modified":"2025-05-07T08:56:38","modified_gmt":"2025-05-07T08:56:38","slug":"critical-security-flaw-alert-for-fedora-linux-40-41-and-rawhide-users-by-red-hat","status":"publish","type":"post","link":"https:\/\/serverhost.com\/blog\/critical-security-flaw-alert-for-fedora-linux-40-41-and-rawhide-users-by-red-hat\/","title":{"rendered":"Critical Security Flaw Alert for Fedora Linux 40\/41 and Rawhide Users by Red Hat"},"content":{"rendered":"<p>Today, Red Hat issued an <em><a href=\"https:\/\/www.redhat.com\/en\/blog\/urgent-security-alert-fedora-41-and-rawhide-users\" target=\"_blank\" rel=\"nofollow noopener\">urgent security alert<\/a><\/em> for Fedora Linux 40, Fedora Linux 41, and Fedora Rawhide users concerning a security flaw (<em><a href=\"https:\/\/access.redhat.com\/security\/cve\/CVE-2024-3094\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2024-3094<\/a><\/em>) found within the XZ Utils 5.6.0 and 5.6.1 packages. This flaw could potentially allow unauthorized remote access via SSH.<\/p>\n<p>It appears that the upstream tarballs of the XZ Utils 5.6.0 package, shared via <a href=\"https:\/\/github.com\/tukaani-project\/xz\/releases\" target=\"_blank\" rel=\"nofollow noopener\"><em>GitHub<\/em><\/a> or the project&#8217;s <em>official website<\/em>, included additional .m4 files carrying GNU Automake build instructions that are not present in the project&#8217;s source repository.<\/p>\n<p>During compilation of the liblzma library, a prebuilt object file, extracted from one of the test archives, is used to modify certain functions within the XZ Utils code. 
Since software such as sshd ends up loading the liblzma library, malicious actors could use the modified library to gain remote access to a compromised system.<\/p>\n<p>&#8220;The resulting malicious build interferes with authentication in sshd via systemd,&#8221; the security advisory reads. &#8220;Under specific conditions, this interference could potentially enable a malicious actor to bypass sshd authentication and gain unauthorized remote access to the entire system.&#8221;<\/p>\n<p>Red Hat warns <strong><a href=\"https:\/\/9to5linux.com\/fedora-linux-40-beta-released-with-gnome-46-kde-plasma-6-and-linux-kernel-6-8\" target=\"_blank\" rel=\"nofollow noopener\">Fedora Linux 40 beta<\/a><\/strong>, Fedora Linux 41 (pre-alpha), and Fedora Rawhide users to stop using their systems for business or personal use. Fedora Linux 41 and Fedora Rawhide systems already include the affected XZ packages, and it also looks like these were supplied to Fedora Linux 40 beta users earlier today.<\/p>\n<p>For Fedora Linux 40 beta users, there\u2019s an update that reverts the XZ package to version 5.4.x; it should become available through the normal update system. To force the update, run the command below in a terminal emulator or follow the instructions from <em><a href=\"https:\/\/bodhi.fedoraproject.org\/updates\/FEDORA-2024-d02c7bb266\" target=\"_blank\" rel=\"nofollow noopener\">here<\/a><\/em>.<\/p>\n<p><code>sudo dnf upgrade --refresh --advisory=FEDORA-2024-d02c7bb266<\/code><\/p>\n<p>While Fedora users may be affected, Red Hat states that this security flaw does not affect any of the Red Hat Enterprise Linux releases. Other GNU\/Linux distributions that ship XZ Utils 5.6.0 or later are likely affected as well. However, none of the known stable distros include these newer XZ Utils versions.<\/p>\n<p>In good news for Fedora Linux 40 beta users, the live ISO images come with XZ 5.4.6, which is immune to this issue. 
However, the not-so-good news is that if you update your installation, the newer XZ 5.6.0 update could be installed automatically. Therefore, <b>please do not update your installations if you&#8217;re using XZ 5.4.6<\/b>.<\/p>\n<p>If you&#8217;ve installed XZ 5.6.0 (check with <code>sudo dnf install xz<\/code>), the command shown above now works on Fedora Linux 40 beta systems: it downgrades the package to version 5.4.6 and removes version 5.6.0 from your system. As of this writing, XZ 5.6.0 is no longer offered as an update to Fedora Linux 40 beta users.<\/p>\n<p>This vulnerability only impacts 64-bit (x86_64) systems. Furthermore, it only becomes exploitable if your SSH daemon (sshd) is reachable from the Internet.<\/p>\n<p>Andres Freund provides a detailed analysis <a href=\"https:\/\/www.openwall.com\/lists\/oss-security\/2024\/03\/29\/4\" target=\"_blank\" rel=\"nofollow noopener\">here<\/a>, based on testing on Debian Sid (Unstable), of how this vulnerability affects your system. Red Hat indicated that openSUSE distribution users are also affected, and SUSE has published a downgrade procedure <a href=\"https:\/\/build.opensuse.org\/request\/show\/1163302\" target=\"_blank\" rel=\"nofollow noopener\">here<\/a> for users who have installed the vulnerable XZ package.<\/p>\n<p>Between March 26th and March 29th, Kali Linux users were impacted by this vulnerability. Offensive Security now advises Kali Linux users whose systems were updated on or after March 26th to update their installations immediately to apply the most recent patches.<\/p>\n<p>Vegard Nossum has now created a script that checks whether your ssh binary is vulnerable. 
You can download it from <a href=\"https:\/\/www.openwall.com\/lists\/oss-security\/2024\/03\/29\/4\/3\" target=\"_blank\" rel=\"nofollow noopener\">here<\/a> and run it using the <code>sh detect_sh.bin<\/code> command in a terminal window.<\/p>\n<p>The openSUSE Project <em><a href=\"https:\/\/news.opensuse.org\/2024\/03\/29\/xz-backdoor\/\" target=\"_blank\" rel=\"nofollow noopener\">published a statement<\/a><\/em> addressing the recently discovered vulnerability in the XZ compression library. This issue impacted the openSUSE Tumbleweed and openSUSE MicroOS distributions. As outlined in the statement, from March 7th to March 28th, users of these distributions had the affected XZ 5.6.1 package installed on their systems. The openSUSE Project rectified this through a rollback to XZ 5.4.<\/p>\n<p>Richard W.M. Jones, a computer programmer at Red Hat, <em><a href=\"https:\/\/news.ycombinator.com\/item?id=39866275\" target=\"_blank\" rel=\"nofollow noopener\">indicates<\/a><\/em> that the individual responsible for the backdoor had been a member of the XZ Utils project for about two years and had contributed numerous binary test files. Jones had been in talks with that person over several weeks about adding XZ 5.6.x to Fedora Linux 40 and Fedora Linux 41, citing its &#8220;excellent new features&#8221;.<\/p>\n<p>There was also a <em><a href=\"https:\/\/security.archlinux.org\/ASA-202403-1\" target=\"_blank\" rel=\"nofollow noopener\">security advisory<\/a><\/em> from the Arch Linux developers, who stated that for their version of sshd, &#8220;the harmful code path does not exist, as it does not link to liblzma&#8221;. Arch Linux users are nonetheless advised to upgrade to xz 5.6.1-2 so that the defective code is no longer present on their systems, as it could be triggered through other, as yet unidentified, paths.<\/p>\n<blockquote><p>As of 5:40 pm ET on March 29th, 2024, the information presented in this article is accurate. 
I\u2019ll update this blog post if there are updates to this situation.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>Today, Red Hat has issued an urgent security alert for Fedora Linux 40, Fedora Linux 41, and Fedora Rawhide users concerning a security flaw (CVE-2024-3094) found within the XZ Utils 5.6.0 and 5.6.1 packages. This flaw could potentially allow unauthorized remote access via SSH. It appears that the upstream tarballs of the XZ Utils 5.6.0 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":585,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[236,4,249,352,353],"tags":[],"class_list":["post-584","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-fedora-linux","category-news","category-security","category-security-flaw","category-xz"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Security Alert for Fedora Linux 40\/41 Users | ServerHost<\/title>\n<meta name=\"description\" content=\"Fedora Linux 40 and 41 face a significant security alert, urging users to apply necessary system updates for protection. 
Protect your data and devices now.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/serverhost.com\/blog\/critical-security-flaw-alert-for-fedora-linux-40-41-and-rawhide-users-by-red-hat\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security Alert for Fedora Linux 40\/41 Users | ServerHost\" \/>\n<meta property=\"og:description\" content=\"Fedora Linux 40 and 41 face a significant security alert, urging users to apply necessary system updates for protection. Protect your data and devices now.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/serverhost.com\/blog\/critical-security-flaw-alert-for-fedora-linux-40-41-and-rawhide-users-by-red-hat\/\" \/>\n<meta property=\"og:site_name\" content=\"ServerHost Hosting Solutions Blog\" \/>\n<meta property=\"article:published_time\" content=\"2024-03-30T00:09:03+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-07T08:56:38+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/serverhost.com\/blog\/wp-content\/uploads\/2024\/03\/0a7d0854ef2f72e84c18d0e20e69e96b-scaled.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1346\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/serverhost.com\/blog\/critical-security-flaw-alert-for-fedora-linux-40-41-and-rawhide-users-by-red-hat\/\",\"url\":\"https:\/\/serverhost.com\/blog\/critical-security-flaw-alert-for-fedora-linux-40-41-and-rawhide-users-by-red-hat\/\",\"name\":\"Security Alert for Fedora Linux 40\/41 Users | ServerHost\",\"isPartOf\":{\"@id\":\"https:\/\/serverhost.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/serverhost.com\/blog\/critical-security-flaw-alert-for-fedora-linux-40-41-and-rawhide-users-by-red-hat\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/serverhost.com\/blog\/critical-security-flaw-alert-for-fedora-linux-40-41-and-rawhide-users-by-red-hat\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/serverhost.com\/blog\/wp-content\/uploads\/2024\/03\/0a7d0854ef2f72e84c18d0e20e69e96b-scaled.webp\",\"datePublished\":\"2024-03-30T00:09:03+00:00\",\"dateModified\":\"2025-05-07T08:56:38+00:00\",\"author\":{\"@id\":\"https:\/\/serverhost.com\/blog\/#\/schema\/person\/535ebc9c42672d8f79ad3ee8ea563d66\"},\"description\":\"Fedora Linux 40 and 41 face a significant security alert, urging users to apply necessary system updates for protection. 
Protect your data and devices now.\",\"breadcrumb\":{\"@id\":\"https:\/\/serverhost.com\/blog\/critical-security-flaw-alert-for-fedora-linux-40-41-and-rawhide-users-by-red-hat\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/serverhost.com\/blog\/critical-security-flaw-alert-for-fedora-linux-40-41-and-rawhide-users-by-red-hat\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/serverhost.com\/blog\/critical-security-flaw-alert-for-fedora-linux-40-41-and-rawhide-users-by-red-hat\/#primaryimage\",\"url\":\"https:\/\/serverhost.com\/blog\/wp-content\/uploads\/2024\/03\/0a7d0854ef2f72e84c18d0e20e69e96b-scaled.webp\",\"contentUrl\":\"https:\/\/serverhost.com\/blog\/wp-content\/uploads\/2024\/03\/0a7d0854ef2f72e84c18d0e20e69e96b-scaled.webp\",\"width\":2560,\"height\":1346},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/serverhost.com\/blog\/critical-security-flaw-alert-for-fedora-linux-40-41-and-rawhide-users-by-red-hat\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/serverhost.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Critical Security Flaw Alert for Fedora Linux 40\/41 and Rawhide Users by Red Hat\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/serverhost.com\/blog\/#website\",\"url\":\"https:\/\/serverhost.com\/blog\/\",\"name\":\"ServerHost Hosting Solutions 
Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/serverhost.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/serverhost.com\/blog\/#\/schema\/person\/535ebc9c42672d8f79ad3ee8ea563d66\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/serverhost.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b8e5973018461f98bcdda40e69a0a7ae6548c079e5e7a1a0c8b40c0738e0fb52?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b8e5973018461f98bcdda40e69a0a7ae6548c079e5e7a1a0c8b40c0738e0fb52?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\/\/serverhost.com\/blog\"],\"url\":\"https:\/\/serverhost.com\/blog\/author\/admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Security Alert for Fedora Linux 40\/41 Users | ServerHost","description":"Fedora Linux 40 and 41 face a significant security alert, urging users to apply necessary system updates for protection. Protect your data and devices now.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/serverhost.com\/blog\/critical-security-flaw-alert-for-fedora-linux-40-41-and-rawhide-users-by-red-hat\/","og_locale":"en_US","og_type":"article","og_title":"Security Alert for Fedora Linux 40\/41 Users | ServerHost","og_description":"Fedora Linux 40 and 41 face a significant security alert, urging users to apply necessary system updates for protection. 
Protect your data and devices now.","og_url":"https:\/\/serverhost.com\/blog\/critical-security-flaw-alert-for-fedora-linux-40-41-and-rawhide-users-by-red-hat\/","og_site_name":"ServerHost Hosting Solutions Blog","article_published_time":"2024-03-30T00:09:03+00:00","article_modified_time":"2025-05-07T08:56:38+00:00","og_image":[{"width":2560,"height":1346,"url":"https:\/\/serverhost.com\/blog\/wp-content\/uploads\/2024\/03\/0a7d0854ef2f72e84c18d0e20e69e96b-scaled.webp","type":"image\/webp"}],"author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/serverhost.com\/blog\/critical-security-flaw-alert-for-fedora-linux-40-41-and-rawhide-users-by-red-hat\/","url":"https:\/\/serverhost.com\/blog\/critical-security-flaw-alert-for-fedora-linux-40-41-and-rawhide-users-by-red-hat\/","name":"Security Alert for Fedora Linux 40\/41 Users | ServerHost","isPartOf":{"@id":"https:\/\/serverhost.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/serverhost.com\/blog\/critical-security-flaw-alert-for-fedora-linux-40-41-and-rawhide-users-by-red-hat\/#primaryimage"},"image":{"@id":"https:\/\/serverhost.com\/blog\/critical-security-flaw-alert-for-fedora-linux-40-41-and-rawhide-users-by-red-hat\/#primaryimage"},"thumbnailUrl":"https:\/\/serverhost.com\/blog\/wp-content\/uploads\/2024\/03\/0a7d0854ef2f72e84c18d0e20e69e96b-scaled.webp","datePublished":"2024-03-30T00:09:03+00:00","dateModified":"2025-05-07T08:56:38+00:00","author":{"@id":"https:\/\/serverhost.com\/blog\/#\/schema\/person\/535ebc9c42672d8f79ad3ee8ea563d66"},"description":"Fedora Linux 40 and 41 face a significant security alert, urging users to apply necessary system updates for protection. 
Protect your data and devices now.","breadcrumb":{"@id":"https:\/\/serverhost.com\/blog\/critical-security-flaw-alert-for-fedora-linux-40-41-and-rawhide-users-by-red-hat\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/serverhost.com\/blog\/critical-security-flaw-alert-for-fedora-linux-40-41-and-rawhide-users-by-red-hat\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/serverhost.com\/blog\/critical-security-flaw-alert-for-fedora-linux-40-41-and-rawhide-users-by-red-hat\/#primaryimage","url":"https:\/\/serverhost.com\/blog\/wp-content\/uploads\/2024\/03\/0a7d0854ef2f72e84c18d0e20e69e96b-scaled.webp","contentUrl":"https:\/\/serverhost.com\/blog\/wp-content\/uploads\/2024\/03\/0a7d0854ef2f72e84c18d0e20e69e96b-scaled.webp","width":2560,"height":1346},{"@type":"BreadcrumbList","@id":"https:\/\/serverhost.com\/blog\/critical-security-flaw-alert-for-fedora-linux-40-41-and-rawhide-users-by-red-hat\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/serverhost.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Critical Security Flaw Alert for Fedora Linux 40\/41 and Rawhide Users by Red Hat"}]},{"@type":"WebSite","@id":"https:\/\/serverhost.com\/blog\/#website","url":"https:\/\/serverhost.com\/blog\/","name":"ServerHost Hosting Solutions 
Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/serverhost.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/serverhost.com\/blog\/#\/schema\/person\/535ebc9c42672d8f79ad3ee8ea563d66","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/serverhost.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/b8e5973018461f98bcdda40e69a0a7ae6548c079e5e7a1a0c8b40c0738e0fb52?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b8e5973018461f98bcdda40e69a0a7ae6548c079e5e7a1a0c8b40c0738e0fb52?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/serverhost.com\/blog"],"url":"https:\/\/serverhost.com\/blog\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/serverhost.com\/blog\/wp-json\/wp\/v2\/posts\/584","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/serverhost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serverhost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serverhost.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/serverhost.com\/blog\/wp-json\/wp\/v2\/comments?post=584"}],"version-history":[{"count":2,"href":"https:\/\/serverhost.com\/blog\/wp-json\/wp\/v2\/posts\/584\/revisions"}],"predecessor-version":[{"id":2565,"href":"https:\/\/serverhost.com\/blog\/wp-json\/wp\/v2\/posts\/584\/revisions\/2565"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/serverhost.com\/blog\/wp-json\/wp\/v2\/media\/585"}],"wp:attachment":[{"href":"https:\/\/serverhost.com\/blog\/wp-json\/wp\/v2\/media?parent=584"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serverhost.com\/blog\/wp-json\/wp\/v2\/categories?post=584"},{"taxonomy":
"post_tag","embeddable":true,"href":"https:\/\/serverhost.com\/blog\/wp-json\/wp\/v2\/tags?post=584"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}