Security News > 2024 > March > Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros
2024-03-30 05:23
RedHat on Friday released an "urgent security alert" warning that two versions of a popular data compression library called XZ Utils (previously LZMA Utils) have been backdoored with malicious code designed to allow unauthorized remote access. The software supply chain compromise, tracked as CVE-2024-3094, has a CVSS score of 10.0, indicating maximum severity. It impacts XZ Utils
News URL
https://thehackernews.com/2024/03/urgent-secret-backdoor-found-in-xz.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-03-29 | CVE-2024-3094 | Unspecified vulnerability in Tukaani XZ 5.6.0/5.6.1 Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. | 10.0 |