Clonezilla Live Is Now Patched Against the XZ Backdoor, Powered by Linux 6.7

Clonezilla Live 3.1.2-22 is now available adding two new tools to the live system, namely powermgmt-base and pdsh, and fixing various bugs.
Clonezilla Live 3.1.2-22

Steven Shiau released today a new version of his Clonezilla Live system for disk cloning/imaging based on the powerful Clonezilla software, Clonezilla Live 3.1.2-22, which adds a newer kernel and patches the live system against the latest XZ backdoor.

Clonezilla Live 3.1.2-22 is the second installment in the Clonezilla Live 3.1.2 series mostly as an emergency release to patch the live system against the recent XZ backdoor by downgrading the xz-utils package from version 5.6.0 to version 5.4.5, the latter not being affected by the backdoor, which allowed a remote attacker to compromise the SSH server.

Clonezilla Live 3.1.2-22 also ships with a newer kernel, namely Linux 6.7.9-2 from the Debian Sid repositories. The previous Clonezilla Live version used Linux kernel 6.6.11-1, so the new kernel should provide better hardware support.

Other than that, the Clonezilla Live 3.1.2-22 release adds a new format for messages sent to ocsmgrd, using a comma (,) to separate the messages, adds the powermgmt-base and pdsh tools to the live system, and updates the ezio package to version 2.0.11.

It also adds support for rotating Clonezilla-related log files and support for receiving new format messages from clients, fixes a bug that prevented messages from being sent to ocsmgrd in Bluetooth mode, and removes the ip= parameter from boot parameters due to a bug when creating a custom ISO using the ocs-iso utility.

Moreover, the disable_sudo_use_pty script was updated as well to negate it explicitly, not just comment it, which should avoid distortion of gpm with jfbterm. Of course, the underlying system was upgraded and it’s synced with the Debian Sid repository as of April 8th, 2024.

Clonezilla Live 3.1.2-22 is now available for download from the official website as live ISO images for 32-bit and 64-bit systems. Again, it is highly recommended that you use this new Clonezilla Live version for all your disk imaging or cloning tasks rather than any other releases due to the XZ backdoor.

Last updated 1 month ago

Buy Me a Coffee at ko-fi.com