Tumbleweed Users Face Urgent 2000+ Package Updates

openSUSE rebuilds the entire codebase of Tumbleweed after a backdoor discovery in the xz library. Immediate update required!

There has been much activity in the Linux community recently since it was discovered that some XZ tarballs had malicious code hidden in them. As a result, Debian devs have decided to delay the launch of the 12.6 release until they can fully understand how widespread the issue is and how much damage the bad code might have done.

Currently, is no straightforward way to determine if a system has been compromised due to this vulnerability. Vegard Nossum wrote a script, “detect_sh.bin,” to detect if it’s likely that the ssh binary on a system is vulnerable. The script can be found here (at the end of the publication). However, its use is more for informational purposes.

In other words, the absence of reliable detection methods at the moment further emphasizes the importance of prompt action by users to secure their systems. And openSUSE Tumbleweed was quick to approach the problem quite decisively.

If you use this fantastic rolling-release distribution, you’ll be amazed that around 2000 updates are ready for you today. That’s correct – openSUSE Tumbleweed has rebuilt its whole codebase and every package.

openSUSE Tumbleweed Updates

Of course, the number of packages varies according to each installation. Yes, downloading and installing such extensive updates may seem daunting to many users.

However, it is necessary to ensure the security and integrity of users’ systems. By rebuilding the entire codebase against a known uncompromised version of the XZ library, openSUSE aims to safeguard its users against potential breaches and maintain the trustworthiness of its distribution.

Additionally, suppose you use the Plasma desktop and haven’t updated your computer since Plasma 6 was added to the Tumbleweed repositories in the last two weeks. In that case, it’s a good idea to update in a different way than usual. Instead of updating while you’re in the desktop environment, do it through a virtual terminal.

Here’s how: Press “CTRL+ALT+F4” to switch to a virtual console, and then use the usual commands listed below to update your system.

sudo zypper ref
sudo zypper dup

Bobby Borisov

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.