Red Hat Issues Urgent Security Alert for Backdoor in XZ Utils Data Compression Library
Red Hat has recently issued an urgent security alert regarding a backdoor discovered in two versions of the XZ Utils data compression library. The CVE-2024-3094 vulnerability affects XZ Utils versions 5.6.0 and 5.6.1, with a severity rating of 10.0.
The malicious code found in these versions allows for unauthorized remote access and poses a significant threat to users. It interferes with the sshd daemon process for SSH, potentially granting threat actors unauthorized access to systems.
The issue was first brought to light by Microsoft security researcher Andres Freund, who attributed the introduction of the malicious code to a user named Jia Tan. Following the discovery, GitHub disabled the XZ Utils repository maintained by the Tukaani Project for violating its terms of service.
While there have been no reports of active exploitation in the wild, users are strongly advised to downgrade to a version of XZ Utils that is not compromised. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also issued an alert recommending users downgrade their XZ Utils to a safe version to mitigate the risk of potential security breaches.
Fortunately, the supply chain attack only affects Fedora 41 and Fedora Rawhide, and does not impact other major distributions such as Red Hat Enterprise Linux, Debian Stable, Amazon Linux, and SUSE Linux Enterprise and Leap. By taking proactive measures and downgrading to a secure version of XZ Utils, users can protect themselves from potential security threats.
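One way to check a host against the two affected versions named above, as an added example that is not Red Hat's or CISA's tooling: it parses the text printed by `xz --version` and flags 5.6.0 or 5.6.1 on either the tool line or the liblzma line. The function names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Versions the advisory names as affected by CVE-2024-3094.
AFFECTED_VERSIONS="5.6.0 5.6.1"

# Pull the version numbers out of `xz --version`-style text: one line for
# the xz tool and one for the liblzma library it is linked against.
extract_versions() {
    printf '%s\n' "$1" |
        sed -nE 's/^(xz \(XZ Utils\)|liblzma) ([0-9]+\.[0-9]+\.[0-9]+).*$/\2/p'
}

# Print "affected", "not-affected" or "unknown" for the version text in $1.
# A match on either line counts, since tool and library can differ.
classify_xz() {
    versions=$(extract_versions "$1")
    if [ -z "$versions" ]; then
        echo unknown
        return 0
    fi
    for v in $versions; do
        for bad in $AFFECTED_VERSIONS; do
            if [ "$v" = "$bad" ]; then
                echo affected
                return 0
            fi
        done
    done
    echo not-affected
}

# Constructed sample outputs (not captured from real systems).
SAMPLE_BAD='xz (XZ Utils) 5.6.1
liblzma 5.6.1'
SAMPLE_OK='xz (XZ Utils) 5.4.6
liblzma 5.4.6'
SAMPLE_MIXED='xz (XZ Utils) 5.4.6
liblzma 5.6.0'

echo "sample 5.6.1:  $(classify_xz "$SAMPLE_BAD")"
echo "sample 5.4.6:  $(classify_xz "$SAMPLE_OK")"
echo "sample mixed:  $(classify_xz "$SAMPLE_MIXED")"

# Check the local host only if xz is installed.
if command -v xz >/dev/null 2>&1; then
    echo "this host:     $(classify_xz "$(xz --version 2>/dev/null)")"
fi
```

An "unknown" result means the output could not be parsed and the package version should be confirmed through the distribution's package manager instead.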