Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094)
2024-03-29 18:21

A vulnerability in XZ Utils, the XZ format compression utilities included in most Linux distributions, may "enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely," Red Hat warns.

The vulnerability is in fact malicious code present in versions 5.6.0 and 5.6.1 of the xz libraries. It was found by accident by Andres Freund, a PostgreSQL developer and software engineer at Microsoft.

"Luckily xz 5.6.0 and 5.6.1 have not yet widely been integrated by Linux distributions, and where they have, mostly in pre-release versions."

"The malicious code found in the latest versions of the xz libraries shows just how critical it is to have a vigilant and veteran Linux security team monitoring software supply chain channels," Vincent Danen, VP, Product Security at Red Hat, told Help Net Security.

"Red Hat, along with CISA and other Linux distributions, were able to identify, assess and help remediate this potential threat before it posed a significant risk to the broader Linux community."

CISA has advised developers and users to downgrade XZ Utils to an uncompromised version and to hunt for any malicious activity and report any positive findings to the agency.
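
To decide whether the downgrade advice applies to a given machine, the version strings reported by `xz --version` can be compared against the two releases named above. The script below is an added example, not code from Red Hat, CISA or the XZ project; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag the xz/liblzma releases this article names as
# containing the malicious code (5.6.0 and 5.6.1).

# is_affected VERSION: succeeds only for the two releases listed in the article.
is_affected() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *)           return 1 ;;
    esac
}

# extract_versions: read `xz --version` text on stdin and print the version
# reported for the xz tool and for the liblzma library, one per line.
extract_versions() {
    awk '/^xz \(XZ Utils\) / { print $4 } /^liblzma / { print $2 }'
}

# check_xz_output TEXT: return 1 if any reported version is affected,
# 0 if versions were found and none is affected, 2 if none could be parsed.
check_xz_output() {
    xz_rc=2
    for xz_v in $(printf '%s\n' "$1" | extract_versions); do
        if is_affected "$xz_v"; then
            echo "AFFECTED: $xz_v"
            xz_rc=1
        else
            echo "not a listed release: $xz_v"
            [ "$xz_rc" -eq 1 ] || xz_rc=0
        fi
    done
    return "$xz_rc"
}

# check_local_xz: run the same check against the xz binary on this host.
check_local_xz() {
    command -v xz >/dev/null 2>&1 || { echo "xz not on PATH"; return 2; }
    check_xz_output "$(xz --version)"
}

# Constructed sample of `xz --version` output, so the script runs offline.
SAMPLE_OUTPUT='xz (XZ Utils) 5.6.1
liblzma 5.6.1'

check_xz_output "$SAMPLE_OUTPUT" || echo "-> follow the downgrade advice above"
```

Call `check_local_xz` to test the host itself. The tool and library versions are checked separately because the two lines can differ when the binary and the shared library come from different packages.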

