A2ZCORE Logo A2ZCORE

XZ Utils backdoor

xz-utils-backdoor-1752889331284-a4024c

Description

In February 2024, a malicious backdoor was introduced to the Linux build of the xz utility within the liblzma library in versions 5.6.0 and 5.6.1 by an account using the name "Jia Tan". The backdoor gives an attacker who possesses a specific Ed448 private key remote code execution through OpenSSH on the affected Linux system. The issue has been given the Common Vulnerabilities and Exposures number CVE-2024-3094 and has been assigned a CVSS score of 10.0, the highest possible score.

ID: xz-utils-backdoor-1752889331284-a4024c

Share this TL;DR

Previous TL;DR
Next TL;DR

Related TL;DRs

Effort to impeach Pervez Musharraf

The effort to impeach Pervez Musharraf was an August 2008 attempt by opposition parties comprising …

Sergio Ramos

Sergio Ramos García is a Spanish professional footballer who plays as a centre-back for and …

Bigg Boss (Telugu TV series) season 8

Bigg Boss 8, also known as Bigg Boss 8: Limitless, is a reality show and …

Chase Claypool

Chase Claypool is a Canadian professional football wide receiver. He played college football for the …

Nancy Wake

Nancy Grace Augusta Wake,, also known as Madame Fiocca and Nancy Fiocca, was a New …

Wareru

Wareru was the founder of the Martaban Kingdom, located in present-day Myanmar (Burma). By using …