Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor
Urgent security alerts issued as malicious code was found embedded in the XZ Utils data compression library used in many Linux distributions.
All about the xz-utils backdoor | Kali Linux Blog
kali.orgAs of 5:00 pm ET on March 29, 2024 the following information is accurate. Should there be updates to this situation, they will be edited onto this blog post. The xz-utils package, starting from versions 5.6.0 to 5.6.1, was found to contain a backdoor (CVE-2024-3094). This backdoor could potentially allow a malicious actor to compromise sshd authentication, granting unauthorized access to the entire system remotely.
Red Hat warns of backdoor in XZ tools used by most Linux distros
Today, Red Hat warned users to immediately stop using systems running Fedora development and experimental versions because of a backdoor found in the latest XZ Utils data compression tools and libraries.
How to find systems impacted by CVE-2024-3094 (XZ Utils backdoor)
Malicious code was pushed to the libxz-utils project that introduced a backdoor in SSH. Here's how to find potentially vulnerable systems.
Risky Biz News: Supply chain attack in Linuxland
In other news: AT&T confirms 2019 data breach; Canonical switches to manual reviews after flood of scam apps; HP leaves Russia.
XZ Utils Backdoor: Supply Chain Vulnerability (CVE-2024-3094) - guardsix
Discover XZ Utils, renowned for high compression & data integrity. Learn about recent CVE-2024-3094 breach.
xz/liblzma Compromise Link Roundup
Links to analysis, discussion and more related to the xz/liblzma compromise (CVE-2024-3094).
