Backdoor in XZ Utils poses security risk in Linux
Nextgov/FCW — April 1, 2024, 05:00 PM UTC
Summary: CISA warns of a backdoor in XZ Utils, a Linux file compression tool, potentially allowing system access. Red Hat confirms the vulnerability affects certain beta Linux versions. Microsoft engineer discovers the flaw. Malicious code introduced by a long-time XZ contributor. CISA advises downgrading to secure versions. GitHub investigates exploit repository closure. Suspicions of nation-state involvement prompt FBI and NSA investigation. Open-source tool security debates reignite.
Article metrics
The article metrics are deprecated.
I'm replacing the original 8-factor scoring system with a new and improved one. It doesn't use the original factors and gives much better significance scores.