Backdoor found in widely-used xz distribution [CVE-2024-3094]

Mar 29, 2024 · 1 min read
Overview

A critical vulnerability, CVE-2024-3094, has been found in xz compression utilities versions 5.6.0 and 5.6.1. Malicious code within these versions manipulates the liblzma library, potentially allowing unauthorized data access and modification.

Severity

Classified as critical by Red Hat with a score of 10.0, this issue demands immediate attention.

Actions

  • Downgrade to xz version 5.4.6.
  • Monitor for malicious activity.
  • Report findings to CISA.

Fedora Rawhide users should stop using it, and Fedora Linux 40 systems should be downgraded to xz 5.4.x. For further guidance, contact your organization’s Information Security team.
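One way to check a host against the affected versions listed above, as an added example that is not part of the original advisory. It parses the two lines that `xz --version` prints (the `xz` tool and the `liblzma` library it loaded) and classifies each separately, since the malicious code targets liblzma; the function names and the sample strings in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag the xz / liblzma versions named in the advisory
# (5.6.0 and 5.6.1). Function names are illustrative, not from any project.

# Print "affected", "not-affected" or "unknown" for one version string.
# Only the leading upstream x.y.z is compared.
classify_xz_version() {
    upstream=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    case "$upstream" in
        5.6.0|5.6.1) echo affected ;;
        "")          echo unknown ;;
        *)           echo not-affected ;;
    esac
}

# Read `xz --version` style output on stdin and print one line per component:
#   <component> <version> <status>
# The tool and the library are reported separately because the xz binary can
# be linked against a liblzma of a different version.
scan_xz_version_output() {
    while IFS= read -r line; do
        case "$line" in
            "xz (XZ Utils) "*) name=xz;      ver=${line#"xz (XZ Utils) "} ;;
            "liblzma "*)       name=liblzma; ver=${line#liblzma } ;;
            *) continue ;;
        esac
        printf '%s %s %s\n' "$name" "$ver" "$(classify_xz_version "$ver")"
    done
}

# Constructed sample of what an affected host would print:
#   xz (XZ Utils) 5.6.1
#   liblzma 5.6.1

# Check the local host if xz is installed.
if command -v xz >/dev/null 2>&1; then
    xz --version | scan_xz_version_output
else
    echo "xz not found on PATH"
fi
```

Any line ending in `affected` means the host should follow the actions above.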
