Malicious SSH backdoor sneaks into xz, Linux world's data compression library
ID: 6a47ef4a-4011-5016-8533-1ce2024bdcb6
STIX ID: report--6a47ef4a-4011-5016-8533-1ce2024bdcb6
Feed Name: The Register (Security)
A malicious backdoor was discovered in xz-utils versions 5.6.0 and 5.6.1 (CVE-2024-3094), likely introduced via a supply-chain compromise. The compromised liblzma is modified at build time so that it alters ifunc resolvers and interferes with sshd via systemd, potentially allowing unauthorized remote access. Affected bleeding-edge distributions include Fedora Rawhide and Fedora 40, with confirmation or indications from Debian Unstable and Kali. Red Hat and CISA have issued urgent advisories and mitigations (revert to xz-5.4.x or remove backdoored builds).
