A malicious backdoor has been discovered in the Linux compression library xz.

– Red Hat issued a warning about a malicious backdoor found in the xz data compression software library that may be present in instances of Fedora Linux 40 and Fedora Rawhide.
– The malicious code provides remote backdoor access via OpenSSH and systemd, is present in xz versions 5.6.0 and 5.6.1, and has been designated as CVE-2024-3094 with a severity rating of 10 out of 10.
– Users of Fedora Linux 40 and Fedora Rawhide may have received the infected versions, and users of other Linux distributions should check their xz suite version.
– Debian Unstable and Kali Linux are also affected, and all users should identify and remove any backdoored xz builds.
– The backdoor may allow unauthorized access by interfering with OpenSSH authentication, potentially allowing remote login by miscreants.
– The malicious code in xz versions 5.6.0 and 5.6.1 is obfuscated in the source code tarball and can alter the operation of OpenSSH server daemons through systemd.
– The author of the malicious code is speculated to be a sophisticated attacker possibly affiliated with a nation-state agency.
– The US government’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory regarding the supply-chain compromise affecting xz-utils.
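
One way to run the version check recommended above, as an added example that is not part of the original article. The function name `xz_verdict`, the `AFFECTED` variable and the sample outputs are this example's own; the only facts taken from the page are the two affected versions.

```shell
#!/bin/sh
# Added example: flag the xz releases this page names as backdoored
# (5.6.0 and 5.6.1, CVE-2024-3094). Function and variable names are
# this example's own.
AFFECTED="5.6.0 5.6.1"

# xz_verdict TEXT
# TEXT is the output of `xz --version`: one line for the xz tool and one
# for the liblzma library it loaded. Both are checked because the library
# is the component other programs link against.
xz_verdict() {
    printf '%s\n' "$1" | awk -v bad="$AFFECTED" '
        BEGIN { n = split(bad, b, " "); for (i = 1; i <= n; i++) affected[b[i]] = 1 }
        NF >= 2 {
            seen++
            if ($NF in affected) hits = hits " " $1 "=" $NF
        }
        END {
            if (!seen)     print "unknown"
            else if (hits) print "affected:" hits
            else           print "not-listed"
        }'
}

# Constructed sample outputs (not captured from real hosts).
SAMPLE_AFFECTED='xz (XZ Utils) 5.6.1
liblzma 5.6.1'
SAMPLE_MIXED='xz (XZ Utils) 5.4.6
liblzma 5.6.0'
SAMPLE_OLD='xz (XZ Utils) 5.4.6
liblzma 5.4.6'

for sample in "$SAMPLE_AFFECTED" "$SAMPLE_MIXED" "$SAMPLE_OLD"; do
    echo "sample: $(xz_verdict "$sample")"
done

# Check this host if xz is installed; "unknown" means nothing parsable.
if command -v xz >/dev/null 2>&1; then
    echo "this host: $(xz_verdict "$(xz --version 2>/dev/null)")"
else
    echo "this host: xz not found in PATH"
fi
```

A result of `not-listed` only means the reported version string is not one of the two named here; follow your distribution's advisory for the authoritative package status.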


