Security News > 2024 > April > Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution
![Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution](/static/build/img/news/malicious-code-in-xz-utils-for-linux-systems-enables-remote-code-execution-medium.jpg)
2024-04-02 13:18
The malicious code inserted into the open-source library XZ Utils, a widely used package present in major Linux distributions, is also capable of facilitating remote code execution, a new analysis has revealed. The audacious supply chain compromise, tracked as CVE-2024-3094 (CVSS score: 10.0), came to light last week when Microsoft engineer and PostgreSQL developer Andres Freund
News URL
https://thehackernews.com/2024/04/malicious-code-in-xz-utils-for-linux.html
Related news
- New PHP Vulnerability Exposes Windows Servers to Remote Code Execution (source)
- New Cross-Platform Malware 'Noodle RAT' Targets Windows and Linux Systems (source)
- New ARM 'TIKTAG' attack impacts Google Chrome, Linux systems (source)
- Mailcow Mail Server Flaws Expose Servers to Remote Code Execution (source)
- New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems (source)
- New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems (source)
- New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk (source)
- New Linux Variant of Play Ransomware Targeting VMWare ESXi Systems (source)
- Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-03-29 | CVE-2024-3094 | Embedded Malicious Code vulnerability in Tukaani XZ 5.6.0/5.6.1 Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. | 10.0 |