Backdoor Found in XZ Utilities Used by Many Linux Distros (CVE-2024-3094)

A vulnerability (CVE-2024-3094) has been discovered in XZ Utils, the XZ format compression utilities that are included in most Linux distributions. This vulnerability, as warned by Red Hat, may allow a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely. The cause of the vulnerability has been identified as malicious code present in versions 5.6.0 and 5.6.1 of the xz libraries. Red Hat has identified the vulnerable packages in Fedora 41 and Fedora Rawhide, urging users of those distros to immediately stop using them. The discovery of malicious code in the latest versions of the xz libraries highlights the critical importance of maintaining vigilance and expertise in cybersecurity.