@jamesspi
Last active April 16, 2024 15:16
OSQuery To Check for XZ and liblzma - *nix
-- Report installed xz / liblzma packages and flag the 5.6.0 and 5.6.1 releases.
-- Debian/Ubuntu hosts: read the dpkg database.
SELECT 'DEB Package' AS source, name, version,
  CASE
    -- Prefix match, so any distro revision suffix after 5.6.0 / 5.6.1 is included.
    WHEN version LIKE '5.6.0%' OR version LIKE '5.6.1%' THEN 'Potentially Vulnerable'
    ELSE 'Most likely not vulnerable'
  END AS status
FROM deb_packages
WHERE name = 'xz-utils' OR name = 'liblzma' OR name LIKE 'liblzma%'
UNION
-- RPM-based hosts: read the rpm database.
SELECT 'RPM Package' AS source, name, version,
  CASE
    WHEN version LIKE '5.6.0%' OR version LIKE '5.6.1%' THEN 'Potentially Vulnerable'
    ELSE 'Most likely not vulnerable'
  END AS status
FROM rpm_packages
WHERE name = 'xz-utils' OR name = 'liblzma' OR name LIKE 'liblzma%';
@claudioviviani

For CentOS, Rocky or Alma Linux I added the condition " OR name = 'xz-libs' " to the query:

WHERE name = 'xz-utils' OR name = 'xz-libs' OR name = 'liblzma' OR name LIKE 'liblzma%' ;
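
An added example, not part of the gist or of the comment above: the same check written once over both package tables, with the `xz-libs` name from the comment included. The separate handling of `+really` version strings (a Debian-style marker that the package contains older upstream code than its version prefix suggests) is an assumption added here so that such builds are sent for manual review.

```sql
-- Added example: single classification pass over DEB and RPM inventories.
WITH pkgs AS (
  SELECT 'DEB Package' AS source, name, version FROM deb_packages
  UNION ALL
  SELECT 'RPM Package' AS source, name, version FROM rpm_packages
)
SELECT source, name, version,
  CASE
    -- Assumption: '+really' means the upstream code was rolled back, so the
    -- 5.6.x prefix alone does not describe what is actually installed.
    WHEN version LIKE '%+really%' THEN 'Review manually (rolled-back build)'
    WHEN version LIKE '5.6.0%' OR version LIKE '5.6.1%' THEN 'Potentially Vulnerable'
    ELSE 'Most likely not vulnerable'
  END AS status
FROM pkgs
WHERE name IN ('xz-utils', 'xz-libs', 'liblzma')
   OR name LIKE 'liblzma%'
ORDER BY status DESC, source, name;
```

`ORDER BY status DESC` lists the rows needing manual review first, then the potentially vulnerable ones, with the rows classed as most likely not vulnerable last.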
