Security News > 2024 > March > Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros

Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros
2024-03-30 05:23

RedHat on Friday released an "urgent security alert" warning that two versions of a popular data compression library called XZ Utils (previously LZMA Utils) have been backdoored with malicious code designed to allow unauthorized remote access. The software supply chain compromise, tracked as CVE-2024-3094, has a CVSS score of 10.0, indicating maximum severity. It impacts XZ Utils


News URL

https://thehackernews.com/2024/03/urgent-secret-backdoor-found-in-xz.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-03-29 CVE-2024-3094 Embedded Malicious Code vulnerability in Tukaani XZ 5.6.0/5.6.1
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0.
network
low complexity
tukaani CWE-506
critical
 10.0
10

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 17 373 2478 1533 666 5050