Critical Code Execution Flaw in XZ Utils Threatens Systems: Patch Now!
March 31, 2024
A severe vulnerability, identified as CVE-2024-3094, was discovered in the XZ Utils library; it allows remote code execution.
The flaw received the maximum severity rating on both CVSS 3.1 and CVSS 4.0 scales.
The compromised versions are xz/liblzma 5.6.0 and 5.6.1, with the backdoor hidden in binary test files.
The Mend Container solution can scan for this vulnerability in container images and registries, providing updates on affected Linux distributions.
A discrepancy exists between the Debian advisory and the official announcement regarding the vulnerability.
Affected users are urged to upgrade or downgrade to a safe version, as specified in the advisories for the affected distributions.
Immediate action is required to mitigate the serious security risk presented by this backdoor in XZ Utils.
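A version check against the two releases named above, as an added example that is not from the article or from the XZ Utils project. The function names and sample strings are constructed, and the handling of Debian-style `+really` package versions (where the packaged code is the version after `+really`) is an assumption about how the distribution names its reverted package.

```shell
#!/bin/sh
# Added example (not from the article): classify xz/liblzma version strings
# against the two releases the article names as compromised (5.6.0, 5.6.1).

# Reduce one version string to the upstream X.Y.Z it actually contains.
xz_effective_version() {
    v=$1
    # Debian-style "A+reallyB": the packaged code is B, not A (assumption:
    # the package follows that naming convention).
    case $v in
        *+really*) v=${v##*+really} ;;
    esac
    # Drop a leading package epoch such as "1:" if present.
    case $v in
        [0-9]:*|[0-9][0-9]:*) v=${v#*:} ;;
    esac
    printf '%s\n' "$v" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p' |
        head -n 1
}

# Print "affected", "not-listed" or "unknown" for one version string.
# "not-listed" only means the version is not one of the two named releases.
xz_classify() {
    eff=$(xz_effective_version "$1")
    case $eff in
        5.6.0|5.6.1) echo affected ;;
        '')          echo unknown ;;
        *)           echo not-listed ;;
    esac
}

# Constructed sample inputs: tool output lines and package-style versions.
# "5.6.10" is hypothetical and shows why a substring match on "5.6.1" is wrong.
for s in 'xz (XZ Utils) 5.6.1' 'liblzma 5.4.6' '1:5.6.0-0.2' \
         '5.6.1+really5.4.5-1' '5.6.10' 'no version here'; do
    printf '%-24s %s\n' "$s" "$(xz_classify "$s")"
done
```

Pass each line of `xz --version` or each package version to `xz_classify` separately, since the xz binary and liblzma report their versions on different lines.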
Summary based on 1 source
Source

Security Boulevard • Mar 31, 2024
Critical Backdoor Found in XZ Utils (CVE-2024-3094) Enables SSH Compromise