Issue:
Secure Code Warrior is aware that the malicious backdoor was recently discovered in a component of the open-source XZ Utils tool, posing a threat to some Linux systems. The vulnerability is currently being tracked as CVE-2024-3094.
CVE-2024-3094 is the vulnerability identifier assigned to a malicious backdoor that was discovered in version 5.6.0 and 5.6.1 of XZ Utils(formerly known as LZMA Utils), a data compression service that can be found in most Linux distributions. The malicious code, which was introduced by a previously trusted developer, attempts to weaken the authentication of SSH sessions via SSHD.
More information can be found here: NVD - CVE-2024-3094 (nist.gov)
Impact:
Secure Code Warrior has assessed our internal environment and can confirm we are not impacted by this vulnerability.
Other resources:
Comments
0 comments
Please sign in to leave a comment.