GIGAZINE

It was discovered that a malicious backdoor was installed in the built-in compression tool 'XZ Utils' of Linux distributions such as Red Hat and Debian.

On March 29, 2024 local time, developer Andres Freund reported the existence of a malicious backdoor in XZ Utils. According to him, it was confirmed that malicious code was present in versions 5.6.0 ...
GIGAZINE

Timeline summary of the backdoor attack on XZ Utils

On March 29, 2024, it was revealed that the compression tool ' XZ Utils ' had a malicious backdoor. Google engineer Russ Cox has compiled a chronological summary of how the backdoor was installed. XZ ...
Bleeping Computer

Docker Hub still hosts dozens of Linux images with the XZ backdoor

The XZ-Utils backdoor, first discovered in March 2024, is still present in at least 35 Linux images on Docker Hub, potentially putting users, organizations, and their data at risk. Docker Hub is the ...
ITWire

Displaying items by tag: xz utils

The repository of the open-source compression utility xz Utils, in which a backdoor was found prior to the Easter weekend, has now been restored to GitHub.
SDxCentral

Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094

CISA and the open source community are responding to reports of malicious code being embedded in XZ Utils versions 5.6.0 and 5.6.1. This activity was assigned CVE-2024-3094. XZ Utils is data ...
Dark Reading

Whispers of XZ Utils Backdoor Live on in Old Docker Images

The infamous XZ Utils backdoor discovered last year may have a bit of life in it yet. Binarly on Aug. 12 published research concerning the XY Utils backdoor, a notorious incident in which a developer ...
TechRadar

Latest Ubuntu beta and other Linux distros delayed by xz-utils security issues

The beta version of Ubuntu 24.04 won’t be released on time, the developers have confirmed, following concerns about a major security threat. Instead of launching on April 4, the latest Ubuntu version, ...