GeistHaus

CVE-2024-3094: Malicious code in xz 5.6.0 and 5.6.1 tarballs

discourse.nixos.org

There is currently an ongoing discussion on various platforms about a security issue in xz/liblzma, and here is what we know at this time. This post serves as a way to inform the community about our assessment of the impact on nixpkgs.

Summary

It was discovered that xz from version 5.6.0 started shipping malicious code that would only be executed through its release tarballs. A malicious code path would be executed when running configure and modify the resulting liblzma library.

Impact

NixOS 2...

3 pages link to this URL
hasherezade's 1001 nights

projects and tasks that I do in my free time

0 inbound links · website · en · CrackMe, CTF, FlareOn, Malware, Tools, Tutorial, Programming, Techniques, cryptography, ExeToDLL, FlareOn12, TinyTracer, HollowsHunter, PE-bear, PE-sieve, processhollowing, processinjection, runpe, FlareOn11, linux, ransomware, FlareOn9

xz/liblzma Compromise Link Roundup

Links to analysis, discussion and more related to the xz/liblzma compromise (CVE-2024-3094).

2 inbound links · article · en · shellsharks · infosec, supplychain