CVE-2024-3094 Unveiled: XZ Utils Compromise Sparks Security Alarm

ID: 8f27c087-f2c5-5daa-8022-77a9905cd470

STIX ID: report--8f27c087-f2c5-5daa-8022-77a9905cd470

Feed Name: Seqrite Blog

Threat Score: 85/100

Date Published: 2024-04-11

Date Updated: 2026-04-30

Author: Vinay Kumar

A malicious backdoor was introduced into XZ Utils (liblzma) releases 5.6.0 and 5.6.1 through a supply-chain compromise, tracked as CVE-2024-3094. During build/install, the backdoor modifies the Makefile and compiles a liblzma that hooks OpenSSH's RSA_public_decrypt, allowing pre-authentication remote payload execution. Multiple Linux distributions shipped the vulnerable versions. Vendors and distributions have published updates and advisories, and Quick Heal/Seqrite signatures are provided to detect the threat.