Backdoor Found in XZ Utilities Used by Many Linux Distros (CVE-2024-3094)

A vulnerability (CVE-2024-3094) has been discovered in XZ Utils, the XZ format compression utilities that are included in most Linux distributions. Red Hat warns that this vulnerability may allow a malicious actor to break sshd authentication and gain unauthorized remote access to the entire system.

The cause of the vulnerability has been identified as malicious code present in versions 5.6.0 and 5.6.1 of the xz libraries. This code was accidentally found by Andres Freund, a PostgreSQL developer and software engineer at Microsoft. Freund shared his discovery via the oss-security mailing list after observing unusual symptoms around liblzma on Debian sid installations.

According to Red Hat, the malicious injection in the vulnerable versions of the libraries is obfuscated and is included in full only in the download package; the Git distribution lacks the M4 macro that triggers the build of the malicious code. The resulting malicious build interferes with authentication in sshd via systemd.

Freund commented that the activity over several weeks suggests that the committer is either directly involved or that their system was severely compromised. Fortunately, xz 5.6.0 and 5.6.1 have not yet been widely integrated by Linux distributions.

Red Hat has identified the vulnerable packages in Fedora 41 and Fedora Rawhide, urging users of those distros to immediately stop using them. They have also encouraged affected businesses to contact their information security team for next steps. However, no versions of Red Hat Enterprise Linux (RHEL) are affected. SUSE has released a fix for openSUSE users, and Debian has confirmed that no stable versions of the distro are affected. Compromised packages were part of the Debian testing, unstable, and experimental distributions, and users of those should update the xz-utils packages.
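
A quick host check for the versions named above, as an added example that is not from the article, Red Hat or the XZ project: it parses `xz --version` output and flags 5.6.0 and 5.6.1. The function names, the constructed sample output and the `/usr/sbin/sshd` fallback path are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): flag the xz/liblzma releases it names.
AFFECTED_VERSIONS="5.6.0 5.6.1"   # versions the article lists for CVE-2024-3094

# Constructed sample of `xz --version` output on an affected host.
SAMPLE_AFFECTED='xz (XZ Utils) 5.6.1
liblzma 5.6.1'

# Return 0 if $1 is exactly one of the affected releases.
is_affected_version() {
    for v in $AFFECTED_VERSIONS; do
        [ "$1" = "$v" ] && return 0
    done
    return 1
}

# Read `xz --version` text on stdin; print "<component> <version> AFFECTED|ok".
classify_xz_output() {
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            xz\ *|liblzma\ *) ;;      # only the two version lines matter
            *) continue ;;
        esac
        component=${line%% *}         # first word: xz or liblzma
        version=${line##* }           # last word: the version number
        if is_affected_version "$version"; then
            echo "$component $version AFFECTED"
        else
            echo "$component $version ok"
        fi
    done
}

# Return 0 if any component in the text on stdin is an affected release.
xz_output_is_affected() {
    classify_xz_output | grep ' AFFECTED$' >/dev/null
}

# Check this host; the /usr/sbin/sshd fallback path is an assumption.
check_local_host() {
    command -v xz >/dev/null 2>&1 || { echo "xz not found in PATH"; return 0; }
    xz --version | classify_xz_output
    sshd_path=$(command -v sshd 2>/dev/null || echo /usr/sbin/sshd)
    if [ -x "$sshd_path" ] && ldd "$sshd_path" 2>/dev/null | grep liblzma >/dev/null; then
        echo "sshd is linked against liblzma, the sshd exposure the article describes"
    fi
}

check_local_host
```

An "ok" result only reflects the version string the installed binary reports; confirm the package version against your distribution's advisory as well.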

The discovery of malicious code in the latest versions of the xz libraries highlights the critical importance of maintaining vigilance and expertise in cybersecurity.
