Security News > 2024 > April > Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution
2024-04-02 13:18
The malicious code inserted into the open-source library XZ Utils, a widely used package present in major Linux distributions, is also capable of facilitating remote code execution, a new analysis has revealed. The audacious supply chain compromise, tracked as CVE-2024-3094 (CVSS score: 10.0), came to light last week when Microsoft engineer and PostgreSQL developer Andres Freund
News URL
https://thehackernews.com/2024/04/malicious-code-in-xz-utils-for-linux.html
Related news
- CUPS flaws enable Linux remote code execution, but there’s a catch (source)
- That doomsday critical Linux bug: It's CUPS. Could lead to remote hijacking of devices (source)
- That doomsday critical Linux bug: It's CUPS. May lead to remote hijacking of devices (source)
- CUPS vulnerabilities affecting Linux, Unix systems can lead to RCE (source)
- Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution (source)
- Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks (source)
- Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications (source)
- Linux systems targeted with stealthy “Perfctl” cryptomining malware (source)
- OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution (source)
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-29 | CVE-2024-3094 | Embedded Malicious Code vulnerability in Tukaani XZ 5.6.0/5.6.1 Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. | 10.0 |