Free online scanner detects XZ Utils backdoor in Linux
TechRadar — April 3, 2024, 05:00 PM UTC
Summary: Binarly released a free online scanner to detect a backdoor in XZ Utils that affects major Linux distros. The vulnerability, CVE-2024-3094, was introduced in version 5.6.0 and persisted in 5.6.1. CISA recommended downgrading to version 5.4.6. Other detection methods led to false positives. Binarly's scanner offers better results by scanning various supply chain points. It can detect variants automatically and is available at xz.fail.