Tumbleweed Users Face Urgent 2000+ Package Updates

openSUSE rebuilds the entire codebase of Tumbleweed after a backdoor discovery in the xz library. Immediate update required!

There has been much activity in the Linux community recently since it was discovered that some XZ tarballs had malicious code hidden in them. As a result, Debian devs have decided to delay the launch of the 12.6 release until they can fully understand how widespread the issue is and how much damage the bad code might have done.

Currently, there is no straightforward way to determine whether a system has been compromised due to this vulnerability. Vegard Nossum wrote a script, “detect_sh.bin,” to detect whether the ssh binary on a system is likely to be vulnerable. The script can be found here (at the end of the publication). However, its use is more for informational purposes.

In other words, the absence of reliable detection methods at the moment further emphasizes the importance of prompt action by users to secure their systems. And openSUSE Tumbleweed was quick to approach the problem quite decisively.

If you use this fantastic rolling-release distribution, you’ll be amazed that around 2000 updates are ready for you today. That’s correct – openSUSE Tumbleweed has rebuilt its whole codebase and every package.

openSUSE Tumbleweed Updates

Of course, the number of packages varies according to each installation. Yes, downloading and installing such extensive updates may seem daunting to many users.

However, it is necessary to ensure the security and integrity of users’ systems. By rebuilding the entire codebase against a known uncompromised version of the XZ library, openSUSE aims to safeguard its users against potential breaches and maintain the trustworthiness of its distribution.

Additionally, if you use the Plasma desktop and haven’t updated your computer since Plasma 6 was added to the Tumbleweed repositories in the last two weeks, it’s a good idea to update in a different way than usual. Instead of updating while you’re in the desktop environment, do it through a virtual terminal.

Here’s how: Press “CTRL+ALT+F4” to switch to a virtual console, and then use the usual commands listed below to update your system.

sudo zypper ref
sudo zypper dup

Bobby Borisov


Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.


2 Comments

  1. As it happens, when I updated to Plasma 6 I did so from inside a running X11 session, which I should have known better. So the system broke, but going back into run level 3 and running zypper dup again fixed it.

    Amazingly, I did this latest 2000+ update from inside a running X11 session from the Discover app – and everything worked fine.

    One wonders why if one can’t rely on either Discover or the System Tray notification app (which uses Discover now, apparently), WHY DO THEY BOTHER HAVING IT? Since neither of them tells you whether the updates being fetched are intended to affect the desktop unless you know every single program and library being updated… They should at least TELL YOU in advance “Hey, this update should be run from a virtual terminal.” But N-O-O-O-O…no one ever thought of that, these genius system programmers…

    “Software engineering” – isn’t… It’s a poorly run craft.
