XZ Utils Vulnerability in Linux Distributions
Release Date:
2 Apr 2024
6035
Views
RISK: Medium Risk
TYPE: Operating Systems - Linux
A vulnerability was identified in XZ Utils within Linux Distributions. A remote attacker could exploit this vulnerability to trigger remote code execution and security restriction bypass on the targeted system.
Impact
- Remote Code Execution
- Security Restriction Bypass
System / Technologies affected
- XZ Utils versions 5.6.0 and 5.6.1
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
Arch Linux:
Debian:
Kali Linux:
OpenSUSE:
RedHat:
Vulnerability Identifier
Source
Related Link
- https://isc.sans.edu/diary/rss/30800
- https://www.openwall.com/lists/oss-security/2024/03/29/4
- https://archlinux.org/news/the-xz-package-has-been-backdoored/
- https://lists.debian.org/debian-security-announce/2024/msg00057.html
- https://www.kali.org/blog/about-the-xz-backdoor/
- https://news.opensuse.org/2024/03/29/xz-backdoor/
- https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
Share with