Backdoor Detected in XZ Utils: Who is at Risk?

March 29, 2024

Red Hat has issued a warning about a backdoor present in XZ Utils, a compression utility included in numerous Linux distributions. The backdoor, identified as a code injection vulnerability (CVE-2024-3094), allows a malicious actor to gain remote access to the system by injecting code into the authentication process.

Red Hat's advisory emphasized the severity of the issue, urging users to immediately cease using any Fedora Rawhide instances for any activity until a safer version of the utility is installed. The vulnerability has been given the highest severity rating of 10.0 by the Common Vulnerability Scoring System (CVSS).

The backdoor is found in XZ Utils versions 5.6.0 and 5.6.1. The US Cybersecurity and Infrastructure Security Agency (CISA) has recommended that users and developers downgrade to an uncompromised version, such as XZ Utils 5.4.6 Stable. Users can determine whether their system is running an affected version by checking the version the utility reports in its output. If the system is running a compromised version, users should apply an update, downgrade the utility, or disable ssh to prevent exploitation.
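As an added example (not code from the article or from the XZ Utils project), the following POSIX shell check parses `xz --version` output and flags the two releases named above; the output format `xz (XZ Utils) <version>` and the sample outputs are assumptions made here for illustration.

```shell
#!/bin/sh
# Added example: flag the XZ Utils releases named as backdoored (5.6.0, 5.6.1).

# Releases identified in the advisory as carrying the backdoor.
AFFECTED_XZ_VERSIONS="5.6.0 5.6.1"

# Return 0 when the given version string is one of the affected releases.
xz_version_affected() {
    for v in $AFFECTED_XZ_VERSIONS; do
        [ "$1" = "$v" ] && return 0
    done
    return 1
}

# Pull the version number out of `xz --version` output, whose first line is
# assumed to read "xz (XZ Utils) <version>". Prints nothing if it does not match.
parse_xz_version() {
    printf '%s\n' "$1" | sed -n '1s/.*XZ Utils) *\([0-9][0-9.]*\).*/\1/p'
}

# Classify captured `xz --version` output: prints a verdict and returns 0 when
# the version is affected, 1 otherwise (including when no version was parsed).
report_xz_output() {
    ver=$(parse_xz_version "$1")
    if [ -z "$ver" ]; then
        echo "could not determine xz version from output"
        return 1
    fi
    if xz_version_affected "$ver"; then
        echo "xz $ver is an affected release: update, downgrade (e.g. to 5.4.6), or disable ssh"
        return 0
    fi
    echo "xz $ver is not one of the affected releases"
    return 1
}

# Constructed sample outputs standing in for a real `xz --version` run.
SAMPLE_AFFECTED='xz (XZ Utils) 5.6.1
liblzma 5.6.1'
SAMPLE_CLEAN='xz (XZ Utils) 5.4.6
liblzma 5.4.6'

# Classify the constructed samples, then the installed binary if one is on PATH.
for out in "$SAMPLE_AFFECTED" "$SAMPLE_CLEAN"; do
    report_xz_output "$out" || :
done
if command -v xz >/dev/null 2>&1; then
    report_xz_output "$(xz --version 2>/dev/null)" || :
fi
```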

While Linux distributions are the primary targets, there are reports that some macOS versions may also be affected. In such cases, running 'brew upgrade' on the Mac should downgrade the utility from version 5.6.0 to 5.4.6. The impact of this backdoor may be limited, as it is present only in the newest versions of the utility, which may not yet be widely deployed.

Vulnerable packages are present in Fedora 41 and Fedora Rawhide, but no versions of Red Hat Enterprise Linux (RHEL) are affected. Red Hat advises users to stop using the affected versions until a safer version is released. Updates are available for openSUSE (Tumbleweed or MicroOS). Debian Linux's stable versions are not affected, but compromised packages were part of the testing, unstable, and experimental versions. Kali Linux systems updated between March 26 and March 29 should update again to get the fix, while systems updated before the 26th are not affected by this backdoor.
