Following the recent disclosure of a backdoor in upstream xz/liblzma, we are writing this “get started” kind of blog post. We will explain how to setup an environment with the backdoored version of liblzma, and then the first commands to run to validate that the backdoor is installed. All in all, it should just take a few minutes, and there’s no learning curve, it’s all very simple.
As of 5:00 pm ET on March 29, 2024 the following information is accurate. Should there be updates to this situation, they will be edited onto this blog post. The xz-utils package, starting from versions 5.6.0 to 5.6.1, was found to contain a backdoor (CVE-2024-3094). This backdoor could potentially allow a malicious actor to compromise sshd authentication, granting unauthorized access to the entire system remotely.
Hello 2024! Today we are unveiling Kali Linux 2024.1. As this is our the first release of the year, it does include new visual elements! Along with this we also have some exciting new mirrors to talk about, and of course some package changes - both new tools and upgrades to existing ones. If you want to see the new theme for yourself and maybe try out one of those new mirrors, download a new image or upgrade if you have an existing Kali Linux installation.
Last month we were privileged to be invited by GitLab to participate in the introduction of GitLab’s DEI Badging integration. Diversity, Equity, and Inclusion (DEI) badging is an initiative that the Community Health Analytics in Open Source Software (CHAOSS) project created to acknowledge and encourage open source projects’ efforts.
Since we first heard of this initiative we have been very excited for the launch. Inclusion in the open source space has always been important and the cornerstone of what makes open source work. This sort of formalization of what inclusion means and how we execute on it is an important step forward in the maturation of open source projects in general. Kali Linux is an open-source, multi-platform, distribution for all users, and with this effort we have the opportunity to make that explicit. We are also proud to say that we have already received our badge, as the first GitLab project to do so, aside from GitLab themselves of course!
TL;DR: Dear Kali user, when you have a moment, check your /etc/apt/sources.list, and add non-free-firmware if ever it’s missing.
Programmatically speaking:
kali@kali:~$ sudo sed -i 's/non-free$/non-free non-free-firmware/' /etc/apt/sources.list Long story now.
As you might know already, Kali Linux is a Debian-based Linux distribution. As such, it inherits a number of things from Debian, and in particular, the structure of the package repository.
With 2023 coming to an end and before the holiday season starts, we thought today would be a good time to release Kali 2023.4. Whilst this release may not have the most end-user features in it again, there are a number of new platform offerings and there has still been a lot of changes going on behind-the-scenes for us, which has a positive knock-on effect resulting in a benefit for everyone. News, platforms, and features aside, it would not be a Kali release if there was not a number of changes to our packages - both new tools and upgrades to existing ones. If you want to see what is new for yourself download a new image or upgrade if you already have a Kali Linux installation.
Today we are delighted to introduce our latest release of Kali, 2023.3. This release blog post does not have the most features in it, as a lot of the changes have been behind-the-scenes, which brings a huge benefit to us and an indirect positive effect to you as end-users. It always goes without saying, but there are a number of new packages and tools as well as the standard updates. If you want to see what’s new for yourself download or upgrade if you have an existing Kali Linux installation.
TL;DR: pip install is on the way out. Installing Python packages must be done via APT, aka. Kali Linux’s package manager. Python packages coming from other sources should be installed in virtual environments.
Long story below.
Some background Back in February this year, for a few days, some of you might have tried (and failed) to install Python packages with Pip, aka. Python’s package manager. Suddenly it didn’t work anymore, and it gave this error message instead:
Quick off the mark from previous 10 year anniversary, Kali Linux 2023.2 is now here. It is ready for immediate download or upgrading if you have an existing Kali Linux installation.
The changelog highlights over the last few weeks since March’s release of 2023.1 is:
New VM image for Hyper-V - With “Enhanced Session Mode” out of the box Xfce audio stack update: enters PipeWire - Better audio for Kali’s default desktop i3 desktop overhaul - i3-gaps merged with i3 Desktop updates - Easy hashing in Xfce GNOME 44 - Gnome Shell version bump Icons & menus updates - New apps and icons in menu New tools - As always, various new packages added New Hyper-V VM Image With this release, we welcome a new member in the family of pre-built VM images! We now provide an image for Microsoft Hyper-V.
Wednesday 13th, March 2013, 10 years ago, Kali Linux v1.0 was first released. Today we want to celebrate Kali’s 10th anniversary!
Time has flown. And gosh, a lot has changed since then! They grow up so fast!