Last active
April 16, 2024 15:16
OSQuery To Check for XZ and liblzma - *nix
```sql
-- Debian/Ubuntu: dpkg-managed packages
SELECT 'DEB Package' AS source, name, version,
  CASE
    WHEN version LIKE '5.6.0%' OR version LIKE '5.6.1%' THEN 'Potentially Vulnerable'
    ELSE 'Most likely not vulnerable'
  END AS status
FROM deb_packages
WHERE name = 'xz-utils' OR name = 'liblzma' OR name LIKE 'liblzma%'
UNION
-- RPM-based distributions
SELECT 'RPM Package' AS source, name, version,
  CASE
    WHEN version LIKE '5.6.0%' OR version LIKE '5.6.1%' THEN 'Potentially Vulnerable'
    ELSE 'Most likely not vulnerable'
  END AS status
FROM rpm_packages
WHERE name = 'xz-utils' OR name = 'liblzma' OR name LIKE 'liblzma%';
```
For CentOS, Rocky or Alma Linux I added the condition " OR name = 'xz-libs' " to the query:
WHERE name = 'xz-utils' OR name = 'xz-libs' OR name = 'liblzma' OR name LIKE 'liblzma%' ;
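
An added example, not part of the gist or of the comment above: a variant of the query that folds in the `xz-libs` name and can be tested offline, since osquery speaks the SQLite dialect. The in-memory tables model only the `name` and `version` columns of `deb_packages` and `rpm_packages`, and all rows are constructed. The extra RPM name `xz` and the separate status for Debian-style `+really` versions (a version string that starts with a newer number but packages an older upstream, which a plain prefix match would flag) are assumptions of this example.

```python
import sqlite3

# Refined query in SQLite dialect. The name 'xz' and the '+really' rule are
# assumptions of this example; the other names come from the page.
QUERY = """
SELECT source, name, version,
  CASE
    WHEN version LIKE '%+really%' THEN 'Reverted build, check real version'
    WHEN version LIKE '5.6.0%' OR version LIKE '5.6.1%' THEN 'Potentially Vulnerable'
    ELSE 'Most likely not vulnerable'
  END AS status
FROM (
  SELECT 'DEB Package' AS source, name, version FROM deb_packages
  UNION ALL
  SELECT 'RPM Package' AS source, name, version FROM rpm_packages
)
WHERE name IN ('xz-utils', 'xz', 'xz-libs') OR name LIKE 'liblzma%'
ORDER BY source, name;
"""

# Constructed sample rows standing in for osquery's package tables.
SAMPLE_DEB = [
    ("xz-utils", "5.6.1-1"),
    ("liblzma5", "5.6.1+really5.4.5-1"),
    ("liblzma-dev", "5.4.5-0.3"),
    ("openssh-server", "1:9.6p1-3"),
]
SAMPLE_RPM = [("xz-libs", "5.6.0"), ("xz", "5.4.6")]

def classify(deb_rows, rpm_rows):
    """Run QUERY over in-memory copies of the two tables; return {name: status}."""
    db = sqlite3.connect(":memory:")
    for table, rows in (("deb_packages", deb_rows), ("rpm_packages", rpm_rows)):
        db.execute(f"CREATE TABLE {table} (name TEXT, version TEXT)")
        db.executemany(f"INSERT INTO {table} VALUES (?, ?)", rows)
    result = {name: status for _src, name, _ver, status in db.execute(QUERY)}
    db.close()
    return result

if __name__ == "__main__":
    for name, status in classify(SAMPLE_DEB, SAMPLE_RPM).items():
        print(f"{name:12} {status}")
```

The text of `QUERY` can be pasted into `osqueryi` unchanged; a row with the reverted-build status still needs the part of the version after `+really` checked by hand.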