CISA urgent security alert

  • Friday, 26th April, 2024
  • 13:04pm


 

Secret backdoor found in XZ Utils compression library used by major Linux distros, like Fedora, Kali Linux, and openSUSE. Attackers could breach SSH and take control of systems.

 

CVE-2024-3094 assigned max CVSS score of 10.0!

 

Versions 5.6.0 & 5.6.1 compromised with malicious code allowing unauthorized remote access.

 

Full report:

https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094

 

If your server is running XZ Utils version 5.6.0 or 5.6.1, you have to downgrade it to avoid security issues.


Recommended version: XZ Utils 5.4.6

 

To check the version:

xz --version

OR

yum info xz

OR

rpm -qa | grep xz
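
The version check above, scripted as an added example (not part of the original alert or of CISA's report): it parses the output of xz --version and rpm -qa | grep xz and flags the 5.6.0 and 5.6.1 versions named in the alert. The function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the alert's authors). The affected versions,
# 5.6.0 and 5.6.1, are the ones named in the alert.

# classify_xz_version VERSION: prints "affected" or "not-affected".
classify_xz_version() {
    case "$1" in
        5.6.0|5.6.1) echo "affected" ;;
        *)           echo "not-affected" ;;
    esac
}

# Reads `xz --version` output on stdin; prints the xz and liblzma versions.
versions_from_xz_output() {
    sed -n -e 's/^xz (XZ Utils) \([0-9][0-9.]*\).*/\1/p' \
           -e 's/^liblzma \([0-9][0-9.]*\).*/\1/p'
}

# Reads `rpm -qa | grep xz` output on stdin; prints the version of each
# xz package (xz, xz-libs, xz-devel, ...), ignoring unrelated names.
versions_from_rpm_output() {
    sed -n 's/^xz\(-[a-z][a-z-]*\)\{0,1\}-\([0-9][0-9.]*\)-.*/\2/p'
}

# Reads versions on stdin, prints a verdict per line, and returns 1 if
# any of them is affected.
check_versions() {
    rc=0
    while IFS= read -r v; do
        verdict=$(classify_xz_version "$v")
        echo "$v $verdict"
        if [ "$verdict" = "affected" ]; then rc=1; fi
    done
    return "$rc"
}

# Check this host when the commands are present.
if command -v xz >/dev/null 2>&1; then
    xz --version 2>/dev/null | versions_from_xz_output | check_versions ||
        echo "xz: downgrade to XZ Utils 5.4.6"
fi
if command -v rpm >/dev/null 2>&1; then
    rpm -qa 2>/dev/null | grep xz | versions_from_rpm_output | check_versions ||
        echo "rpm: downgrade to XZ Utils 5.4.6"
fi
```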

 

Stay Safe.

 

Pamir Alpha Technologies
