Technology
A hidden backdoor has been discovered in the XZ Utils Library, affecting several popular Linux distributions.
The article warns of a supply chain attack on the XZ Utils data compression library which has been backdoored with malicious code designed to allow unauthorized remote access, impacting versions 5.6.0 and 5.6.1. The attack involves modifying specific functions in the liblzma code to intercept and modify data interactions, potentially enabling unauthorized access to systems. The issue was discovered by Microsoft security researcher Andres Freund and the repository has been disabled on GitHub. Fedora Linux 40 users are advised to downgrade to a 5.4 build, and the U.S. CISA has issued an alert urging users to downgrade XZ Utils to a safe version.
– RedHat warns of backdoored XZ Utils library with malicious code for unauthorized access
– Supply chain attack impacts versions 5.6.0 and 5.6.1, discovered by Microsoft researcher
– Repository disabled on GitHub, Fedora Linux 40 users advised to downgrade to 5.4
– U.S. CISA issues alert to downgrade XZ Utils to safe version
Source link