Critical Linux Backdoor Found in XZ Utils: CVE-2024-3094 Urgent Downgrade Alert
April 2, 2024
A high-risk security vulnerability, CVE-2024-3094, was identified in the XZ Utils package, specifically versions 5.6.0 and 5.6.1, enabling unauthorized SSH access.
The vulnerability is a serious concern for popular Linux distributions including Fedora, Debian, Kali, openSUSE, and Arch Linux.
Affected Linux distributions have advised users to downgrade to previous stable versions to prevent exploitation of the flaw.
Red Hat has rated the security flaw with the highest severity, and the US Cybersecurity and Infrastructure Security Agency has called for immediate action to downgrade affected systems.
A detection tool has been made available to help organizations identify compromised XZ Utils installations.
The incident underscores the continuous risk of undisclosed security issues in common open-source software and the need for regular updates, security audits, and increased awareness.
Summary based on 8 sources
Sources
Ars Technica • Apr 1, 2024
What we know about the xz Utils backdoor that almost infected the world
The Register • Apr 1, 2024
Malicious xz backdoor reveals fragility of open source
Dark Reading • Apr 1, 2024
XZ Utils Backdoor Implanted in Carefully Executed, Multiyear Supply Chain Attack
SecurityWeek • Apr 1, 2024
Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor