Tag

Xz

All articles tagged with #xz

cybersecurity1 year ago•5 min saved

"Linux Backdoor Vulnerabilities Expose Open Source Fragility"

A backdoor was discovered in the open source compression library xz, potentially allowing full remote code execution on machines with the vulnerable package. The sophisticated attack involved multiple commits and a pressure campaign on the maintainer, raising concerns about the security of open source software. The identity of the perpetrator is unknown, but the attack suggests the involvement of a well-funded adversary, possibly with ties to a nation-state intelligence agency. This incident highlights the fragility of open source and the challenges of securing software maintained by volunteers.

via The Register|

#backdoor #cybersecurity #malicious-code

cybersecurity1 year ago•1 min saved

"Critical Linux Backdoor Threatens SSH Security"

A major vulnerability has been discovered in the xz package on Debian installations, potentially compromising SSH logins on Linux systems. The vulnerability, assigned CVE-2024-3094, allows for malicious code to be injected into the liblzma library, affecting versions 5.6.0 and 5.6.1. Users are advised to downgrade to version 5.4.6 or disable public-facing SSH servers to mitigate the risk.

via TechRadar|

#cybersecurity #linux #ssh

cybersecurity1 year ago•3 min saved

"Security Alert: Malicious Backdoor Discovered in Linux's XZ Utilities"

A malicious backdoor has been discovered in the xz data compression library, affecting versions 5.6.0 and 5.6.1, which may be present in upcoming Fedora Linux 40 and Fedora Rawhide. The backdoor provides remote access via OpenSSH and systemd, potentially allowing unauthorized access to affected systems. Red Hat has issued warnings and advised users to check and remove any backdoored builds of xz, with Debian Unstable and Kali Linux also affected. The supply-chain compromise may mainly impact bleeding-edge distributions, and efforts are being made to prevent widespread exploitation.

via The Register|

#backdoor #cybersecurity #linux

technology1 year ago•1 min saved

"Critical Security Flaw Discovered in XZ Utilities Used by Linux Distros"

Red Hat issued an urgent security alert for Fedora 41 and Fedora Rawhide users due to a security vulnerability in XZ 5.6.0/5.6.1 that could allow unauthorized remote system access. The malicious code interferes with sshd authentication via systemd, potentially enabling unauthorized access to the entire system. No fixed version has been released yet, and Debian has also issued a similar security warning. Users are advised to ensure they do not have XZ 5.6.0/5.6.1 on their systems.

via Phoronix|

#malicious-code #red-hat #remote-system-access