Critical Code Execution Flaw in XZ Utils Threatens Systems: Patch Now!

April 1, 2024
  • A severe vulnerability, identified as CVE-2024-3094, was discovered in the XZ Utils library; it allows remote code execution.

  • The flaw received the maximum severity rating on both CVSS 3.1 and CVSS 4.0 scales.

  • The compromised versions are xz/liblzma 5.6.0 and 5.6.1, with the backdoor hidden in binary test files.

  • The Mend Container solution can scan for this vulnerability in container images and registries, providing updates on affected Linux distributions.

  • A discrepancy exists between the Debian advisory and the official announcement regarding the vulnerability.

  • Affected users are urged to upgrade or downgrade to a safe version, as specified in the advisories for the affected distributions.

  • Immediate action is required to mitigate the serious security risk presented by this backdoor in XZ Utils.
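
A quick way to triage hosts or image inventories for the two releases named above, as an added example that is not part of the original summary or of any vendor tool. The function name, the sample inventory and its package strings are constructed for illustration; the distribution advisory remains the authority on which package builds are safe.

```shell
#!/bin/sh
# Added example: flags the two releases named in the summary above.
AFFECTED_VERSIONS="5.6.0 5.6.1"

# Reads version text on stdin: the output of `xz --version`, or one
# "package version" pair per line from a host or image inventory.
# Prints every xz/liblzma line whose upstream version is affected.
# Returns 0 if at least one affected line was seen, 1 otherwise.
xz_find_affected() {
    found=1
    while IFS= read -r line; do
        # Skip lines that are not about xz or liblzma.
        case "$line" in
            *xz*|*XZ*|*liblzma*) ;;
            *) continue ;;
        esac
        # First x.y.z number on the line; packaging suffixes such as
        # "-1" are ignored, and 5.6.10 is not confused with 5.6.1.
        ver=$(printf '%s\n' "$line" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1)
        for bad in $AFFECTED_VERSIONS; do
            if [ "$ver" = "$bad" ]; then
                printf 'AFFECTED: %s\n' "$line"
                found=0
            fi
        done
    done
    return "$found"
}

# Constructed sample inventory (not taken from any real host).
sample_inventory() {
    cat <<'EOF'
xz (XZ Utils) 5.6.1
liblzma 5.6.1
liblzma5:amd64 5.6.0-0.2
xz-libs 5.4.6-1
zlib 5.6.1
xz-utils 5.6.10-1
EOF
}

# Stand-alone run: report the affected lines in the constructed sample.
# On a real host: xz --version | xz_find_affected
sample_inventory | xz_find_affected || true
```
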

Summary based on 1 source

