CVE-2024-3094

XZ-Utils Vulnerability Checker and Fixer

This Bash script checks for vulnerable versions of xz-utils installed on your system and offers to replace them with a stable, uncompromised version.

Requirements

• wget
• tar
• make
• sudo

Usage

1. Ensure you have the required dependencies installed.
2. Run the script with the following command:

wget -O - https://raw.githubusercontent.com/Fractal-Tess/CVE-2024-3094/main/CVE-2024-3094-checker.sh | sudo bash

or

curl -L https://raw.githubusercontent.com/Fractal-Tess/CVE-2024-3094/main/CVE-2024-3094-checker.sh | sudo bash

or

git clone https://github.com/Fractal-Tess/CVE-2024-3094
cd CVE-2024-3094
chmod +x CVE-2024-3094-checker.sh
sudo ./CVE-2024-3094-checker.sh

Description

The script performs the following steps:

1. Checks if xz-utils is installed.
2. Checks the version of xz-utils.
3. If the version is vulnerable (5.6.0 or 5.6.1), it prompts the user to install the stable version (5.4.6) from source.
4. Downloads the stable version from the official GitHub repository.
5. Verifies the integrity of the downloaded file via a sha256sum checksum.
6. Configures, compiles, and installs the stable version.
7. Notifies the user about the successful installation and prompts them to uninstall the vulnerable version using their package manager.

Note

• It's recommended to uninstall the vulnerable version manually after installing the stable version to ensure system integrity.

Disclaimer

This script is provided as-is and without warranty. Use at your own risk.