Debian Decided to Postpone the 12.6 Release

After Linux XZ Tarball's backdoor discovery, Debian's devs decided to pause the 12.6 release for an in-depth analysis of CVE effects.

Without a doubt, the deliberate infiltration of backdoored upstream XZ tarballs into the Debian sid repository a few days ago, allowing remote SSH access without authentication, sparked a real storm in the Linux community.

This security vulnerability, CVE-2024-3094, didn’t just affect Debian sid. It also impacted several other Linux distributions, including certain versions of Fedora, Arch, openSUSE Tumbleweed, Kali, and more.

In light of this, the Debian project has announced a delay in releasing its upcoming version 12.6, initially planned for April 6. This decision comes as the team undertakes a thorough investigation involving assessing its potential impact on the Debian Archive, a comprehensive collection of Debian software packages.

Although there is currently no evidence to suggest that any stable versions of Debian are affected by this issue, ensuring that the vulnerability does not affect the distribution’s vast ecosystem of applications and services is crucial.

It’s not surprising that Debian, known for prioritizing security and stability, leaves nothing to chance – a commitment that makes it a preferable choice for a dependable server operating system.

So, the release of the sixth update to the ‘Bookworm’ 12 series will be postponed until devs thoroughly check every detail of CVE-2024-3094 to ensure all possible risks to users are entirely taken care of. Currently, the Debian project hasn’t set a new date for the 12.6 release.

This approach fits well with their usual practice of releasing updates only when they’re fully ready.

Meanwhile, Lasse Collin, one of the two leading developers of XZ, posted information highlighting that Jia Tan has created and signed all backdoored packages. At the moment, the reasons behind his actions remain utterly unclear.

As always, we’re closely monitoring the situation and will update you whenever anything changes.

Bobby Borisov

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.

Think You're an Ubuntu Expert? Let's Find Out!

Put your knowledge to the test in our lightning-fast Ubuntu quiz!
Ten questions to challenge yourself to see if you're a Linux legend or just a penguin in the making.

1 / 10

Ubuntu is an ancient African word that means:

2 / 10

Who is the Ubuntu's founder?

3 / 10

What year was the first official Ubuntu release?

4 / 10

What does the Ubuntu logo symbolize?

5 / 10

What package format does Ubuntu use for installing software?

6 / 10

When are Ubuntu's LTS versions released?

7 / 10

What is Unity?

8 / 10

What are Ubuntu versions named after?

9 / 10

What's Ubuntu Core?

10 / 10

Which Ubuntu version is Snap introduced?

The average score is 68%