"Security Alert: Malicious Backdoor Discovered in Linux's XZ Utilities"
TL;DR Summary
A malicious backdoor has been discovered in the xz data compression library, affecting versions 5.6.0 and 5.6.1, which may be present in upcoming Fedora Linux 40 and Fedora Rawhide. The backdoor provides remote access via OpenSSH and systemd, potentially allowing unauthorized access to affected systems. Red Hat has issued warnings and advised users to check and remove any backdoored builds of xz, with Debian Unstable and Kali Linux also affected. The supply-chain compromise may mainly impact bleeding-edge distributions, and efforts are being made to prevent widespread exploitation.
- Malicious SSH backdoor sneaks into xz, Linux world's data compression library The Register
- Red Hat, CISA Warn of XZ Utils Backdoor Duo Security
- Backdoor found in widely used Linux utility breaks encrypted SSH connections Ars Technica
- Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094) Help Net Security
- Malicious backdoor code embedded in popular Linux tool, CISA and Red Hat warn The Record from Recorded Future News
Reading Insights
Total Reads
0
Unique Readers
1
Time Saved
3 min
vs 4 min read
Condensed
88%
724 → 87 words
Want the full story? Read the original article
Read on The Register