SDxCentral

Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094

CISA and the open source community are responding to reports of malicious code being embedded in XZ Utils versions 5.6.0 and 5.6.1. This activity was assigned CVE-2024-3094. XZ Utils is data ...
GIGAZINE

It was discovered that a malicious backdoor was installed in the built-in compression tool 'XZ Utils' of Linux distributions such as Red Hat and Debian.

On March 29, 2024 local time, developer Andres Freund reported the existence of a malicious backdoor in XZ Utils. According to him, it was confirmed that malicious code was present in versions 5.6.0 ...
GIGAZINE

Security company Kaspersky explains how the backdoor of the compression tool 'XZ Utils' used in Linux environments is embedded

XZ is a compression tool used in many Linux distributions, and this time the attack specifically targeted the OpenSSH server process 'sshd.' In distributions such as 'Ubuntu,' 'Debian,' and ...
Dark Reading

XZ Utils Backdoor Implanted in Carefully Executed, Multiyear Supply Chain Attack

A newly discovered backdoor in XZ Utils, a data compression utility present in nearly all Linux distributions, has revived the ghosts of previous major software-supply chain security scares such as ...
CRN

CISA, Red Hat Warn About Supply Chain Compromise Affecting Linux Distributions

A backdoor has been implanted in the two latest versions of XZ Utils — a set of data compression software tools and libraries ‘present in nearly every Linux distribution,’ according to Red Hat. Red ...
heise online

XZ-Utils: Vulnerability probably enables code smuggling

There is a gaping security hole in the widespread XZ utils that could potentially be misused to inject malicious code. A security vulnerability has been discovered in the XZ compression library. This ...