Malicious Code Discovered in xz Upstream Tarballs, Affecting liblzma and Other Dependent Packages

Summary

CVE-2024-3094 is a severe vulnerability found in the XZ Utils compression library, affecting major Linux distributions such as Fedora, Kali Linux, and openSUSE. The vulnerability allows for unauthorized remote access to systems and has been exploited by injecting code into the authentication process to enable access. Red Hat has issued an urgent security alert and advised users to downgrade to an uncompromised version of XZ Utils. Additionally, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has advised users to downgrade to an earlier version of XZ Utils to mitigate the risk. There are currently no reports of active exploitation in the wild, but the severity of the vulnerability underscores the importance of addressing it promptly.

News Articles

The Hacker News

CVE-2024-3094

Leveraging Wazuh for Zero Trust security

Learn how Zero Trust security protects organizations by eliminating implicit trust, enabling continuous monitoring, and enhancing incident response

2 weeks ago

SC Media

CVE-2024-3094

Online xz utility backdoor scanning tool issued

Binarly has issued a free online tool that would facilitate scanning a newly discovered backdoor and maximum severity vulnerability in xz tools and libraries used by major Linux distributions, tracked as CVE-2024-3094, across Linux binaries amid significant security risks, according to Security Affa...

4 months ago

InfoSec Write-ups

CVE-2024-3094CVE-2023-22515

Cve – InfoSec Write-ups

Read writing about Cve in InfoSec Write-ups. A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. Subscribe to our weekly newsletter for the coolest infosec updates: https://weekly...

4 months ago

More News...