GParted Live Is Now Patched Against the XZ Backdoor, Powered by Linux Kernel 6.7

posted by Marius Nestor on Apr 09, 2024



GParted Live 1.6.0-3 is the third maintenance update to GParted Live 1.6, which was launched on February 28th, 2024, with GParted 1.6, a release that brought a change that would stop GParted from forcing a 1 MiB gap when moving the partition boundary to the right, exFAT improvements, and removed the “Attempt Data Rescue” feature and use of the gpart utility.

Based on the Debian Sid (Debian 13 “Trixie”) repository as of April 8th, 2024, GParted Live 1.6.0-3 ships XZ Utils 5.4.5-0.2 instead of the XZ Utils 5.6.0 release that contained a backdoor that could allow a remote attacker to compromise an SSH server or any software linked against the liblzma library included in the package, which injected malicious code at build time.

