Threat Brief: Vulnerability in XZ Utils Data Compression Library Impacting Multiple Linux Distributions (CVE-2024-3094)
ID: ba984a3c-6501-55da-8999-85cddb887ab8
STIX ID: report--ba984a3c-6501-55da-8999-85cddb887ab8
Feed Name: Palo Alto Networks Unit 42
Unit 42 reports a critical supply-chain compromise (CVE-2024-3094, CVSS 10.0) in XZ Utils versions 5.6.0 and 5.6.1 where malicious code in upstream tarballs alters the liblzma build to produce a backdoored library capable of intercepting or modifying application data; major Linux distributions and some package images were affected. The advisory details affected distros and images, recommends downgrading to unaffected XZ versions or applying vendor fixes, provides detection XQL queries and remediation steps, and documents Palo Alto Networks product protections and response options.
