A malicious backdoor has been discovered in the widely used data compression library xz, with affected builds found in Fedora Linux 40 and Fedora Rawhide. The backdoor, designated CVE-2024-3094, allows remote backdoor access via OpenSSH and systemd. Users of Fedora Linux 40 and 41 may have received compromised versions of xz, which were released on February 24 and March 9, respectively.

Other Linux and OS distributions are advised to check their xz suite version to ensure they are not affected. Red Hat has warned that the malicious code is present in xz versions 5.6.0 and 5.6.1 and may mainly impact bleeding-edge distros. Debian Unstable and Kali Linux have also confirmed they are affected.
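The version check recommended above, as an added example (not part of the original article): a POSIX shell function that parses the output format of `xz --version` (assumed to be lines such as `xz (XZ Utils) 5.6.1` and `liblzma 5.6.1`) and flags the two versions named by Red Hat, plus a wrapper that runs it against the local system.

```shell
#!/bin/sh
# Added example: flag xz / liblzma 5.6.0 and 5.6.1 (CVE-2024-3094).
# Assumes `xz --version` prints lines like:
#   xz (XZ Utils) 5.6.1
#   liblzma 5.6.1

# Returns 0 (affected) if any x.y.z version token in the given text
# is 5.6.0 or 5.6.1, otherwise returns 1 (not affected).
xz_version_affected() {
    _out="$1"
    _affected=1
    for _ver in $(printf '%s\n' "$_out" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+'); do
        case "$_ver" in
            5.6.0|5.6.1) _affected=0 ;;
        esac
    done
    return $_affected
}

# Checks the xz binary on PATH; exit status 0 = affected, 1 = not
# affected, 2 = xz not installed. Prints a one-line verdict.
check_system_xz() {
    if ! command -v xz >/dev/null 2>&1; then
        echo "xz not installed"
        return 2
    fi
    _sys="$(xz --version 2>/dev/null)"
    if xz_version_affected "$_sys"; then
        echo "AFFECTED (CVE-2024-3094): $(printf '%s' "$_sys" | tr '\n' ' ')"
        return 0
    fi
    echo "not affected: $(printf '%s' "$_sys" | tr '\n' ' ')"
    return 1
}

check_system_xz || true
```

Distribution packages may carry patched builds under the same upstream version, so treat a hit as a prompt to consult the distribution's advisory rather than as proof of compromise.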

In response to the security threat, Red Hat has advised users to stop using Fedora Rawhide instances until xz-5.4.x is reinstated. Red Hat Enterprise Linux (RHEL) is not affected by the vulnerability. The backdoor in xz versions 5.6.0 and 5.6.1 is obfuscated and is only fully present in the source code tarball, and it can lead to unauthorized access to affected systems.

Andres Freund, a PostgreSQL developer, has detailed the vulnerability, speculating that the backdoor may allow for remote code execution. The author behind the malicious code is believed to be a sophisticated attacker, possibly affiliated with a nation-state agency. The US government’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory regarding the security threat.

About the Author

Fabio, Full Stack Developer

I’m passionate about web development and design in all its forms, helping small businesses build and improve their online presence. I spend a lot of time learning new techniques and actively helping other people learn web development through a variety of help groups and writing tutorials for my blog about advancements in web design and development.