XZ Utils backdoor! Affected versions and operating systems explained
XZ Utils versions 5.6.0 and 5.6.1 are affected by the backdoor.
XZ Utils (formerly LZMA Utils) is a collection of free command-line lossless data compressors, including the programs lzma and xz, for Unix-like operating systems and, starting with version 5.0, Microsoft Windows. Red Hat has released an urgent security alert regarding XZ Utils, stating that some versions contain embedded malicious code.
The malicious code is present in XZ Utils versions 5.6.0 and 5.6.1 and is tracked as CVE-2024-3094 with a score of 10.0, which is rated critical. Red Hat Enterprise Linux and Debian stable are not affected by this backdoor.
XZ Utils affected operating systems
- Fedora 40
- Fedora 41
- Fedora Rawhide
- Kali Linux (updated between 26th March and 29th March)
- Debian testing, unstable, and experimental versions
- openSUSE Tumbleweed and openSUSE MicroOS
Verify the installed XZ Utils version from the command line
$ xz --version
xz (XZ Utils) 5.6.0
liblzma 5.6.0
It is recommended to downgrade XZ Utils to the stable version 5.4.6 or below, depending on the operating system.
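The version check above can be scripted so it gives the same answer on every host. This is an added example, not code from Red Hat or the XZ Utils project; the function names are hypothetical and the sample output is constructed. It reads both lines of the `xz --version` output and flags the host if either reports 5.6.0 or 5.6.1.

```shell
#!/bin/sh
# Added example: classify `xz --version` output against the versions this
# page lists as backdoored (5.6.0 and 5.6.1). Function names are hypothetical.

# Print the version reported for one component of the output.
# $1 = component name ("xz" or "liblzma"), $2 = full `xz --version` output
extract_version() {
    printf '%s\n' "$2" | awk -v c="$1" '$1 == c { print $NF; exit }'
}

# Succeed only for the exact versions named on this page.
is_affected() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print AFFECTED, NOT_AFFECTED or UNKNOWN for a block of `xz --version` output.
# The xz binary and the liblzma library it loads are versioned separately,
# so both lines are checked.
classify_xz_output() {
    xz_ver=$(extract_version xz "$1")
    lzma_ver=$(extract_version liblzma "$1")
    if [ -z "$xz_ver" ] && [ -z "$lzma_ver" ]; then
        echo UNKNOWN
        return 0
    fi
    if is_affected "$xz_ver" || is_affected "$lzma_ver"; then
        echo AFFECTED
    else
        echo NOT_AFFECTED
    fi
}

# Constructed sample: only the library line reports a listed version.
sample='xz (XZ Utils) 5.4.6
liblzma 5.6.1'
echo "sample: $(classify_xz_output "$sample")"

# Check the local host if xz is installed.
if command -v xz >/dev/null 2>&1; then
    out=$(xz --version 2>/dev/null) || out=""
    echo "local:  $(classify_xz_output "$out")"
else
    echo "local:  xz not installed"
fi
```

An `UNKNOWN` result means the output could not be parsed and the host should be checked by hand, for example through the distribution's package manager.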