Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution
2024-04-02 13:18
The malicious code inserted into the open-source library XZ Utils, a widely used package present in major Linux distributions, is also capable of facilitating remote code execution, a new analysis has revealed. The audacious supply chain compromise, tracked as CVE-2024-3094 (CVSS score: 10.0), came to light last week when Microsoft engineer and PostgreSQL developer Andres Freund
News URL
https://thehackernews.com/2024/04/malicious-code-in-xz-utils-for-linux.html
Related news
- Red Hat warns of backdoor in XZ tools used by most Linux distros (source)
- Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094) (source)
- Malicious SSH backdoor sneaks into xz, Linux world's data compression library (source)
- Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros (source)
- XZ Utils backdoor update: Which Linux distros are affected and what can you do? (source)
- New XZ backdoor scanner detects implant in any Linux binary (source)
- XZ Utils Supply Chain Attack: A Threat Actor Spent Two Years to Implement a Linux Backdoor (source)
- New Spectre v2 attack impacts Linux systems on Intel CPUs (source)
- Patch up – 4 critical bugs in ArubaOS lead to remote code execution (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-29 | CVE-2024-3094 | Embedded Malicious Code vulnerability in Tukaani XZ 5.6.0/5.6.1. Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. | 10.0 |