Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-202403-04
HistoryMar 29, 2024 - 12:00 a.m.

XZ utils: Backdoor in release tarballs

2024-03-2900:00:00
Gentoo Foundation
security.gentoo.org
24
xz utils
backdoor
release tarballs
security
gentoo
openssh
systemd-notify
downgrade
cve identifier

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.144

Percentile

95.8%

JSON

Background

XZ Utils is free general-purpose data compression software with a high compression ratio.

Description

A backdoor has been discovered in XZ utils. Please review the CVE identifier referenced below for details.

Impact

Our current understanding of the backdoor is that is does not affect Gentoo systems, because 1. the backdoor only appears to be included on specific systems and Gentoo does not qualify; 2. the backdoor as it is currently understood targets OpenSSH patched to work with systemd-notify support. Gentoo does not support or include these patches; Analysis is still ongoing, however, and additional vectors may still be identified. For this reason we are still issuing this advisory as if that will be the case.

Workaround

There is no known workaround at this time.

Resolution

All XZ utils users should upgrade to the latest fixed version, or downgrade to the latest version before the backdoor was introduced:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">app-arch/xz-utils-5.6.1"
 


 # emerge --sync
 # emerge --ask --oneshot --verbose "<app-arch/xz-utils-5.6.0"
OSVersionArchitecturePackageVersionFilename
Gentooanyallapp-arch/xz-utils=Β 5.6.0UNKNOWN

Related

ubuntucve 1
redhatcve 1
rapid7blog 1
archlinux 1
securelist 4
debiancve 1
rosalinux 3
githubexploit 47
osv 4
thn 2
vulnrichment 1
wizblog 1
f5 1
cvelist 1
alpinelinux 1
paloalto 1
cve 1
nessus 3
attackerkb 1
talosblog 1
arista 1
veracode 1
debian 1
qualysblog 1
openvas 1
hackread 1
nvd 1
trellix 1
ubuntucve
ubuntucve
CVE-2024-3094
2024-03-29 00:00:00
redhatcve
redhatcve
CVE-2024-3094
2024-03-29 16:50:47
rapid7blog
rapid7blog
Backdoored XZ Utils (CVE-2024-3094)
2024-04-01 17:13:05
archlinux
archlinux
[ASA-202403-1] xz: arbitrary code execution
2024-03-29 00:00:00
securelist
securelist
XZ backdoor story – Initial analysis
2024-04-12 08:00:34
APT trends report Q2 2024
2024-08-13 12:00:28
IT threat evolution Q2 2024
2024-09-03 08:00:08
debiancve
debiancve
CVE-2024-3094
2024-03-29 17:15:21
rosalinux
rosalinux
Advisory ROSA-SA-2024-2409
2024-04-23 12:23:07
Advisory ROSA-SA-2024-2407
2024-04-23 12:16:56
Advisory ROSA-SA-2024-2408
2024-04-23 12:20:30
githubexploit
githubexploit
Exploit for Embedded Malicious Code in Tukaani Xz
2024-03-31 10:45:44
Exploit for Embedded Malicious Code in Tukaani Xz
2024-04-01 16:08:50
Exploit for Embedded Malicious Code in Tukaani Xz
2024-03-29 23:20:22
osv
osv
CGA-xp9g-w4gq-2v78
2024-06-06 12:30:02
CGA-3r9w-5x9c-pwr7
2024-06-06 12:22:07
liblzma5-32bit-5.6.2-1.1 on GA media
2024-06-15 00:00:00
thn
thn
Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros
2024-03-30 05:23:00
Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution
2024-04-02 13:18:00
vulnrichment
vulnrichment
CVE-2024-3094 Xz: malicious code in distributed source
2024-03-29 16:51:12
wizblog
wizblog
Backdoor in XZ Utils allows RCE: everything you need to know
2024-03-29 22:02:58
f5
f5
K000139141 : liblzma vulnerability CVE-2024-3094
2024-04-01 00:00:00
cvelist
cvelist
CVE-2024-3094 Xz: malicious code in distributed source
2024-03-29 16:51:12
alpinelinux
alpinelinux
CVE-2024-3094
2024-03-29 17:15:21
paloalto
paloalto
Informational: Impact of Malicious Code in XZ Tools and Libraries (CVE-2024-3094)
2024-04-01 19:30:00
cve
cve
CVE-2024-3094
2024-03-29 17:15:21
nessus
nessus
Potential exposure to XZ Utils SSH Backdoor (CVE-2024-3094)
2024-03-29 00:00:00
XZ Utils 5.6.0 / 5.6.1 Liblzma Backdoor Check
2024-04-01 00:00:00
GLSA-202403-04 : XZ utils: Backdoor in release tarballs
2024-04-01 00:00:00
attackerkb
attackerkb
CVE-2024-3094
2024-03-29 00:00:00
talosblog
talosblog
There are plenty of ways to improve cybersecurity that don’t involve making workers return to a physical office
2024-04-04 18:00:39
arista
arista
Security Advisory 0095
2024-04-03 00:00:00
veracode
veracode
Injected Malicious Code
2024-04-01 21:18:10
debian
debian
[SECURITY] [DSA 5649-1] xz-utils security update
2024-03-29 16:10:02
qualysblog
qualysblog
XZ Utils SSHd Backdoor
2024-03-30 04:06:05
openvas
openvas
Tukaani Project XZ Utils Backdoor (Feb/Mar 2024)
2024-04-02 00:00:00
hackread
hackread
Backdoor Discovered in XZ Utils: Patch Your Systems Now (CVE-2024-3094)
2024-04-01 23:17:59
nvd
nvd
CVE-2024-3094
2024-03-29 17:15:21
trellix
trellix
The Bug Report - April 2024 Edition
2024-04-29 00:00:00

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.144

Percentile

95.8%

JSON
Related for GLSA-202403-04
ubuntucve1redhatcve1rapid7blog1archlinux1securelist4debiancve1rosalinux3githubexploit47osv4thn2vulnrichment1wizblog1f51cvelist1alpinelinux1paloalto1cve1nessus3attackerkb1talosblog1arista1veracode1debian1qualysblog1openvas1hackread1nvd1trellix1