Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094)

A vulnerability (CVE-2024-3094) in XZ Utils, the XZ format compression utilities included in most Linux distributions, may “enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely,” Red Hat warns. The cause of the vulnerability is actually malicious code present in versions 5.6.0 (released in late February) and 5.6.1 (released on March 9) of the xz libraries, which was accidentally found by Andres Freund, a PostgreSQL developer and … More →

The post …

access actor authentication backdoor cisa code compression cve cve-2024 debian distributions don't miss enable fedora found hot stuff kali linux linux linux distributions linux distros malicious may open source red hat supply chain compromise suse system unauthorized unauthorized access utilities vulnerability