GIGAZINE

It was discovered that a malicious backdoor was installed in the built-in compression tool 'XZ Utils' of Linux distributions such as Red Hat and Debian.

On March 29, 2024 local time, developer Andres Freund reported the existence of a malicious backdoor in XZ Utils. According to him, it was confirmed that malicious code was present in versions 5.6.0 ...
GIGAZINE

Security company Kaspersky explains how the backdoor of the compression tool 'XZ Utils' used in Linux environments is embedded

XZ is a compression tool used in many Linux distributions, and this time the attack specifically targeted the OpenSSH server process 'sshd.' In distributions such as 'Ubuntu,' 'Debian,' and ...
SDxCentral

Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094

CISA and the open source community are responding to reports of malicious code being embedded in XZ Utils versions 5.6.0 and 5.6.1. This activity was assigned CVE-2024-3094. XZ Utils is data ...
Dark Reading

Are You Affected by the Backdoor in XZ Utils?

Red Hat is warning that a vulnerability in XZ Utils, the XZ format compression utility included in Unix-like operating systems such as Linux, is a backdoor. Users should either downgrade the utility ...
heise online

XZ-Utils: Vulnerability probably enables code smuggling

There is a gaping security hole in the widespread XZ utils that could potentially be misused to inject malicious code. A security vulnerability has been discovered in the XZ compression library. This ...