Critical XZ Utils vulnerability (CVE-2024-3094) compromises Linux systems
Help Net Security — March 29, 2024, 07:00 PM UTC
Summary: A critical vulnerability (CVE-2024-3094) in XZ Utils may allow unauthorized access to Linux systems via sshd. Versions 5.6.0 and 5.6.1 of the xz libraries contain malicious code. Red Hat warns Fedora 41 and Fedora Rawhide users to stop using the affected packages. Debian advises users of its testing, unstable, and experimental distributions to update xz-utils. Red Hat, CISA, and other distributions collaborated to address the threat promptly. CISA recommends downgrading to an uncompromised version such as XZ Utils 5.4.6 Stable.
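A quick host check for the two releases named above, as an added example that is not part of the original article: it parses `xz --version` output and inspects both the tool line and the `liblzma` line, since the malicious code is in the library. The function names and the sample outputs used to exercise it are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag the XZ Utils releases named for CVE-2024-3094.

# Releases the advisory names as containing the malicious code.
AFFECTED_VERSIONS="5.6.0 5.6.1"

# Read `xz --version` style text on stdin and print each version found,
# one per line: the "xz (XZ Utils) X" line and the "liblzma X" line.
xz_versions_from_output() {
    sed -n -e 's/^xz (XZ Utils) \([^ ]*\).*$/\1/p' \
           -e 's/^liblzma \([^ ]*\).*$/\1/p'
}

# Return 0 if the given version is one of the affected releases.
is_affected_version() {
    for v in $AFFECTED_VERSIONS; do
        if [ "$1" = "$v" ]; then
            return 0
        fi
    done
    return 1
}

# Classify `xz --version` text on stdin.
# Prints AFFECTED, NOT_AFFECTED, or UNKNOWN (no version line recognised).
classify_xz_output() {
    found=0
    for ver in $(xz_versions_from_output); do
        found=1
        if is_affected_version "$ver"; then
            echo "AFFECTED"
            return 0
        fi
    done
    if [ "$found" -eq 1 ]; then echo "NOT_AFFECTED"; else echo "UNKNOWN"; fi
}

# Check the xz binary on this host, if one is installed.
check_local_xz() {
    if command -v xz >/dev/null 2>&1; then
        xz --version 2>/dev/null | classify_xz_output
    else
        echo "UNKNOWN"
    fi
}

echo "local xz: $(check_local_xz)"
```

This reads only the version string the installed binary reports; the distribution advisories remain the authority on which package builds are affected.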