Red Hat warns of backdoor in XZ tools used by most Linux distros

bleepingcomputer.com

Today, Red Hat warned users to immediately stop using systems running Fedora development and experimental versions because of a backdoor found in the latest XZ Utils data compression tools and libraries.

5 pages link to this URL

CVE-2024-3094: Critical RCE Vulnerability Found in XZ Utils | Wiz Blog

wiz.io Merav Bar; Amitai Cohen; Danielle Aminov Mar 29, 2024

CVE-2024-3094 is a malicious code vulnerability in versions 5.6.0 and 5.6.1 of XZ Utils, enabling an SSH authentication bypass in certain Linux distributions

1 inbound link article en ResearchSecurityVulnerabilities

brew install xz installs the outdated version 5.4.6 instead of 5.6.1 · Homebrew · Discussion #5243

GitHub Ghost Mar 29, 2024

Output of brew config HOMEBREW_VERSION: 4.2.15 ORIGIN: https://github.com/Homebrew/brew HEAD: 92a4311868322188478d7a90511ec0e8e6b0d7df Last commit: 5 days ago Core tap JSON: 29 Mar 18:18 UTC Core c...

3 inbound links object en discussion:6436819

XZ Utils backdoor - Wikipedia

Wikimedia Foundation, Inc. Mar 29, 2024

1 inbound link website en

xz/liblzma Compromise Link Roundup

Shellsharks Michael Sass Mar 31, 2024

Links to analysis, discussion and more related to the xz/liblzma compromise (CVE-2024-3094).

2 inbound links article en infosec xz/liblzma Compromise Link Roundupshellsharksinfosecsupplychain

XZ Utils backdoor - Wikipedia

Wikimedia Foundation, Inc. Mar 29, 2024

75 inbound links website en