Red Hat Urges Immediate Action After Backdoor Discovered in XZ Utils Software
Red Hat has issued an urgent security alert after discovering that two versions of the XZ Utils data compression library have been backdoored with malicious code. This security threat, tracked as CVE-2024-3094, has a CVSS score of 10.0 and affects XZ Utils versions 5.6.0 and 5.6.1.
The malicious code in the compromised versions of XZ Utils interferes with the SSH daemon (sshd) via the systemd software suite, potentially allowing unauthorized remote access to systems. Microsoft security researcher Andres Freund discovered the issue, which was traced back to a user named JiaT75 on GitHub.
GitHub has disabled the XZ Utils repository for violating its terms of service. There have been no reports of active exploitation of the vulnerability in the wild. The malicious packages have been confirmed to be present in Fedora 41 and Fedora Rawhide, prompting Fedora Linux 40 users to downgrade to a 5.4 build as a precaution.
Fortunately, other systems like Red Hat Enterprise Linux, Debian Stable, Amazon Linux, and SUSE Linux Enterprise and Leap are not impacted by the backdoor in XZ Utils. The U.S. Cybersecurity and Infrastructure Security Agency has also issued an alert advising users to downgrade XZ Utils to an uncompromised version to mitigate the risk of unauthorized remote access to systems.
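A version check for the two releases named above, as an added example that is not part of the original article or of Red Hat's advisory. The function names are made up for this example, and the `+really` handling assumes the Debian-style convention in which a reverted package such as `5.6.1+really5.4.5-1` (a constructed sample) ships the code version that follows `+really`.

```shell
#!/bin/sh
# Added example: classify an XZ Utils / liblzma version string against
# CVE-2024-3094. Affected releases per the article: 5.6.0 and 5.6.1.

# Print the first x.y.z version number found in the given text, if any.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p' |
        head -n 1
}

# Print "affected", "not-affected" or "unknown" for a version string such as
# the lines printed by `xz --version` or a package manager version field.
classify_xz() {
    raw=$1
    # Assumption: "X+reallyY" means the package actually contains version Y,
    # so a revert package must not be flagged on its X prefix.
    case "$raw" in
        *+really*) raw=${raw#*+really} ;;
    esac
    ver=$(extract_version "$raw")
    case "$ver" in
        5.6.0|5.6.1) echo "affected" ;;
        "")          echo "unknown" ;;
        *)           echo "not-affected" ;;
    esac
}

# Classify the locally installed xz binary and the liblzma it reports.
# `xz --version` prints one line for xz and one for liblzma.
check_host() {
    if ! command -v xz >/dev/null 2>&1; then
        echo "xz: not installed"
        return 0
    fi
    xz --version 2>/dev/null | while IFS= read -r line; do
        printf '%s -> %s\n' "$line" "$(classify_xz "$line")"
    done
}

check_host
```

A result of `unknown` means no version number could be parsed and the package should be checked by hand.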
For more information and steps on how to protect your system from this security threat, please refer to Red Hat’s official security advisory.