Are You Affected by the Backdoor in XZ Utils?

Red Hat and CISA warn that XZ Utils versions 5.6.0 and 5.6.1 contain a code-injection backdoor (CVE-2024-3094, CVSS 10.0) that can grant remote access; users are advised to stop using affected Fedora Rawhide instances, downgrade to XZ Utils 5.4.6 or disable SSH, and use detection tools (for example Binarly's scanner) to find the implant. The advisory lists affected distributions (Fedora 41/Rawhide, some openSUSE and Debian testing/unstable packages) while noting RHEL and Ubuntu stable are reported unaffected.