Backdoor found in xz Utils for Linux systems
Ars Technica — April 1, 2024, 08:00 AM UTC
Summary: Researchers discovered a backdoor in xz Utils, a widely used data compression utility in Linux. The malicious code, present in versions 5.6.0 and 5.6.1, allowed unauthorized access with root privileges over SSH. The attack was sophisticated, involving years of planning and manipulation of the software's development process. The backdoor targeted Debian and Red Hat distributions on amd64 systems running glibc. Multiple distributions unknowingly included the compromised versions.
Article metrics
The article metrics are deprecated.
I'm replacing the original 8-factor scoring system with a new and improved one. It doesn't use the original factors and gives much better significance scores.