XZ Backdoor Attack, Linux Mint 22, Fedora Switch to KDE?, Flathub Unverified & more Linux news

preview_player
Показать описание


This week's news is exciting with cool new stuff and pretty bonkers because we narrowly avoided a security nightmare! A backdoor was discovered hidden in a common Linux utility, and it could have infected millions of devices. We'll break down how this almost happened, and what it means for you. Then, we'll switch gears and talk about some exciting upcoming features in Linux Mint 22. Fedora Linux might be getting a whole new look – we'll discuss a proposal to switch the default desktop environment. Flathub is making some changes to make it easier to indentify whether or not a Flatpak is official. Plus there is a new campaign for video game preservation that targets companies effectively breaking their games after an arbitary amount of time. All of this and more on this episode of This Week in Linux, Your Source for Linux GNews!

Chapters:
00:00 Intro
01:06 XZ backdoor found in widespread Linux utility
10:26 Flathub adds Unverified Badge to Flatpaks
14:42 Sponsored by Kolide
20:28 Linux Mint 22 Update, Future of Linux Mint
23:23 Fedora Change Proposal for KDE Plasma Default
25:24 Redis Changes Their Licensing Model
28:23 Serpent OS Hopes To Ship Pre-Alpha ISOs Soon
30:42 Flowblade 2.14 Video Editor Released
32:57 Outro

-----------------------------------------------------------------------------------

Thanks For Watching!

#Linux #TechNews #Podcast
  1. Michael Tunnell
  2. Linux
  3. open source
  4. linux podcast
  5. podcast
  6. tech podcast
Рекомендации по теме
Linux got wrecked 0:04:32

Linux got wrecked by backdoor attack

The XZ Backdoor 0:11:55

The XZ Backdoor Almost Compromised Every Linux System

XZ Backdoor Attack, 0:33:49

XZ Backdoor Attack, Linux Mint 22, Fedora Switch to KDE?, Flathub Unverified & more Linux news

XZ Backdoor: Timeline 0:10:31

XZ Backdoor: Timeline and Overview

Die BACKDOOR in 0:29:39

Die BACKDOOR in XZ Utils: Der SCHLIMMSTE ANGRIFF dieses Jahr

The XZ Linux 0:15:07

The XZ Linux Backdoor Is Incredibly BAD!!

What Everyone Missed 0:20:24

What Everyone Missed About The Linux Hack

Linux Backdoor Found 0:02:00

Linux Backdoor Found in XZ Utils Used by Most Distros | Are You Affected?

Malicious SSH BACK 0:11:38

Malicious SSH BACK DOOR Found in XZ on Linux

Linux Backdoor Attack-Do 0:25:21

Linux Backdoor Attack-Do We Need To Start Using Antivirus Software Now?

XZ Backdoor is 0:08:39

XZ Backdoor is NOT that bad!

new linux exploit 0:08:29

new linux exploit is absolutely insane

XZ Utils Back 0:12:07

XZ Utils Back Door AFTERMATH - Who did it?

Linux Reacts to 0:03:44

Linux Reacts to Being Hacked

When you first 0:00:32

When you first time install Kali linux for hacking 😄😄 #hacker #shorts

Kiosk mode Bruteforce 0:00:40

Kiosk mode Bruteforce Evasion with Flipper Zero

Linux users be 0:00:42

Linux users be like

linux users be 0:00:29

linux users be like

most dangerous Virus 0:00:29

most dangerous Virus in Windows 10

NEVER buy from 0:00:46

NEVER buy from the Dark Web.. #shorts

A Big Back 0:55:19

A Big Back Door in Linux

deleting system32 (don't 0:00:46

deleting system32 (don't try this at home) #shorts

Einer der größten 0:18:51

Einer der größten Angriffe auf Linux - liblzma-5.6.x

how to get 0:20:08

how to get remote access to your hacking targets // reverse shells with netcat (Windows and Linux!!)

Комментарии
Автор

Thankfully the community acted on time to prevent the worse case scenario from happening

greenrocket
Автор

This channel is a 10/10 for Linux Journalism and OSS news.

pamus
Автор

Have to say that I really feel sorry for the XZ dev (Tukaani?) I really hope they are given support from groups/orgs like Microsoft and Linux foundation etc and perhaps the tool itself should be moved under the watchful eye of one of these corps and Tukaani provided a good salary for continued work on such a widely used tool.

Trozpent
Автор

Appreciate your delivery and news. Great work!

OldKingMaple
Автор

Flatpak Unverified
I think it's a good idea to put a badge for unverified apps. But this can be improved. I personally don't like the term "unverfied" and wish it was more descriptive such as "Official" and "Unofficial". Also the warning symbol next to it looks like this could be malware. Also if there is an official app, it could be listed alongside to the unofficial one to bring it into relation.

thingsiplay
Автор

Thank you, Andres! Hope Microsoft rewards you with a handsome bonus or pay hike, even though it wasn't a Microsoft OS or application. But the responsibility to the general community should be commended and appreciated.

MegaSunspark
Автор

A Sunday with Linux weekly update just awesome thanks MT for makin this video!

prateekSpace
Автор

The Linux Foundation should employ the people that make critical parts of the system (like XZ) instead of wasting money on gender studies.

RockawayCCW
Автор

I've been watching every video that I can on this, and it's really surprising to me that this wasn't picked up and financially supported by someone somewhere. Redhat, Canonical, FSF, etc. and the list just goes on.

dlbike
Автор

xz nor was not part of the kernel, but part of systemd, which is another matter that could be discussed: Systemd goes against the "Unix philosophy" of small tools for specific problems, and tries to do a ton of stuff at boot up. Most OpenSSH on various distros don't use libzma nor call xz, but Redhat, (Fedora?) and Debian distros patch OpenSSH to do this. They add a patch to link sshd to systemd, which in turn, links to liblzma, and this allows xz Utils to exert control over sshd. While other linux distros could theoretically spread the malware, the vast majority wouldn't be directly effected. And this seems to be purposefully planned stealth, not an oversight. the malware had "security through obscurity", and wouldn't be noticed easily, but would compromise those specific distros seriously!

squirlmy
Автор

Thank you Michael for taking your time to explain what happened. Did I get it right, that it is "only" server based, that me using fedora 29 WS is not affected or would have been affected?

I only use flatpaks, and I am not confused, just feeling secure with flatpaks. What I don't feel secure with, is using KDE User Themes. They are not monitored by any human andis found to contain, in some cases, not all, malware.

louisfifteen
Автор

20:30 I've been saying it for years, but i believe it even more strongly now. Linux Mint should just drop Ubuntu and move their default base over to Debian. LMDE is already indistinguishable from the Main version to the untrained eye. There are differences but nothing the average joe would notice. They should drop Ubuntu like a hot potato and embrace Debian as their primary base. I've felt this way for many years. Also with the Debian backports repository you can get the newer kernels on Debian if you need them. The Mint team could easily link to the backports for their kernel manager GUI. and still offer an "Edge" kernel if they wanted to. It would be easy to do so.
Maybe we should start a petition to persuade Clem to drop Ubuntu from Mint. :)

matthewmoore
Автор

I love the flathub sign because packaging with virus is becoming a common deliverly system like with the OBS, VLC and ect that had virus packaged in the EXE's an just because its linux don't mean you can have malware installed on the system that will track and ect. right now linux's main weakness is info stealers. the new flathub system is the best for everyone.

Sunrise-di
Автор

About the Fedora KDE thing. I think it's all about variable refresh rate. In 2024 if you want to be taken serious as an OS you have to be able to nail gaming and variable refresh rate is at the top of everyone's list right now.

SecretlySeven
Автор

I liked that smash button and smashed the likes button too

jet
Автор

I don't use flatpaks because they don't theme right and when I tried the Thunderbird flatpak I could not send files or pdf's from Thunar with Thunderbird.

johanb.
Автор

Wayland on NVidia GPUs needs an urgent solution. ✅

Jopekos
Автор

please dont smirk at people that stay on stable and not in bleeding edge updated versions everytime, u opened up the video with a pretty good XZample of why we think thats an awesome ideia

namelast
Автор

(It would be nice if you marked support companies part of your video. For transparency.)

AndersJackson
Автор

the method they used is called a supply chain attack....

saint