Alert from Red Hat: backdoor in xz

Red Hat announced on Friday that a backdoor has been discovered in the widely used xz data compression software library and may affect Fedora Linux 40 distributions and the Fedora Rawhide developer distribution.

The company said the malicious code provides remote backdoor access via OpenSSH and systemd, and is present in xz versions 5.6.0 and 5.6.1. The vulnerability has the identifier CVE-2024-3094 and is rated 10 out of 10 in CVSS severity.

Users of other Linux OS distributions should check to see what version of the xz suite they have installed. The infected versions, 5.6.0 and 5.6.1, were released on February 24 and March 9, respectively, and may not have been integrated into many distributions.

LTS distributions do not seem to be at risk, as they use an older version of xz. But if you are running a testing version of Debian, or some other rolling release, it would be good to check the version of xz.

Debian Unstable and Kali Linux are already reported to be affected, as is Fedora. So if you use any of these distributions you should replace any backdoored builds of xz.

Red Hat Enterprise Linux (RHEL) and Debian stable OS are not affected.
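
The version check recommended above, as an added example (not taken from Red Hat's advisory or from this article): a POSIX shell script that reads the output of `xz --version` and flags the two releases named here, 5.6.0 and 5.6.1. The function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify xz / liblzma versions against the two releases
# the article names as backdoored (5.6.0 and 5.6.1).

# classify_version VERSION -> prints "affected" or "not-affected"
classify_version() {
    case "$1" in
        5.6.0|5.6.1) echo "affected" ;;
        *)           echo "not-affected" ;;
    esac
}

# check_xz_output TEXT -> prints one verdict for the text of `xz --version`.
# Both the xz line and the liblzma line are examined, because the
# command-line tool and the shared library can be installed separately.
check_xz_output() {
    versions=$(printf '%s\n' "$1" | sed -n \
        -e 's/^xz (XZ Utils) \([0-9][0-9.]*\).*/\1/p' \
        -e 's/^liblzma \([0-9][0-9.]*\).*/\1/p')
    # No recognisable version line: report that instead of guessing.
    [ -n "$versions" ] || { echo "unknown"; return 0; }
    for v in $versions; do
        if [ "$(classify_version "$v")" = "affected" ]; then
            echo "affected"; return 0
        fi
    done
    echo "not-affected"
}

# Constructed sample outputs (not captured from a real system).
SAMPLE_BAD='xz (XZ Utils) 5.6.1
liblzma 5.6.1'
SAMPLE_OK='xz (XZ Utils) 5.4.1
liblzma 5.4.1'

echo "sample 5.6.1: $(check_xz_output "$SAMPLE_BAD")"
echo "sample 5.4.1: $(check_xz_output "$SAMPLE_OK")"

# The local system, if xz is installed.
if command -v xz >/dev/null 2>&1; then
    echo "this host:    $(check_xz_output "$(xz --version 2>/dev/null)")"
else
    echo "this host:    xz not found on PATH"
fi
```

A verdict of "unknown" means the output did not contain a recognisable version line and should be checked by hand.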

Written by giorgos
