LinuxOperating Systems

XZ utils backdoor ! Affected version and operating systems explained

The XZ Utils version 5.6.0 and 5.6.1 is affected with the backdoor.

A collection of free freeware command-line lossless data compressors, XZ Utils (formerly LZMA Utils) includes the programmes lzma and xz for Unix-like operating systems and, starting with version 5.0, Microsoft Windows. Red Hat has released urgent secutiry alert regarding XZ Utils, where some version include malicious code embedded in it.

The malicious code is present in XZ Utils versions 5.6.0 and 5.6.1 and tracked under CVE-2024-3094 with a score 10.0, which is equivalent to critical. The Red Hat Enterprise Linux and Debian stable operating systems are not affected with this backdoor.

XZ Utils affected operating systems

  1. Fedora 40
  2. Fedora 41
  3. Fedora Rawhide
  4. Kali Linux (Updated between 26th March to 29th March)
  5. Debian testing, unstable, and experimental versions
  6. openSUSE Tumbleweed and openSUSE MicroOS

Verify XZ Utils installed version using command line

$ xz --version
xz (XZ Utils) 5.6.0
liblzma 5.6.0


It is recomended to downdrade the XZ Utils versions to stable 5.4.6 or below based on the operating system.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button