CVE-2024-3094 Unveiled: XZ Utils Compromise Sparks Security Alarm
Malware Analysis, News and Indicators - Latest topics malware.news
On Friday, March 29, developer Andres Freund detected unusual behavior in his Debian sid environment. In response, he contacted an open-source security mailing list to report his discovery of an upstream backdoor in the commonly used command-line tool XZ Utils (liblzma). The backdoor, surreptitiously added by a long-time open-source contributor, affects XZ Utils versions 5.6.0 and 5.6.1 and has been assigned the identifier CVE-2024-3094.
What is CVE-2024-3094
The XZ library, also known as liblzma, is a …