Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094 | CISA
- by nlqip
CISA and the open source community are responding to reports of malicious code being embedded in XZ Utils versions 5.6.0 and 5.6.1. This activity was assigned CVE-2024-3094. XZ Utils is data compression software and may be present in Linux distributions. The malicious code may allow unauthorized access to affected systems.
CISA recommends that developers and users downgrade XZ Utils to an uncompromised version—such as XZ Utils 5.4.6 Stable—hunt for any malicious activity, and report any positive findings to CISA.
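A quick way to see whether a host reports one of the two versions named above, as an added example that is not part of the CISA alert. It assumes the usual `xz --version` output layout (`xz (XZ Utils) X.Y.Z` followed by `liblzma X.Y.Z`); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag the XZ Utils releases named in the alert (CVE-2024-3094).
AFFECTED_VERSIONS="5.6.0 5.6.1"   # taken from the alert text

# is_affected VERSION -> returns 0 only on an exact match with an affected release
is_affected() {
    for v in $AFFECTED_VERSIONS; do
        [ "$1" = "$v" ] && return 0
    done
    return 1
}

# classify_xz_output: reads `xz --version` style text on stdin and prints one
# "component version STATUS" line per component found.
# Returns 0 if nothing is affected, 1 if any component is affected,
# 2 if no version line could be parsed (assumed output layout did not match).
classify_xz_output() {
    found=0; bad=0
    while IFS= read -r line; do
        case "$line" in
            "xz (XZ Utils) "*) comp=xz;      ver=${line#"xz (XZ Utils) "} ;;
            "liblzma "*)       comp=liblzma; ver=${line#"liblzma "} ;;
            *) continue ;;
        esac
        found=1
        if is_affected "$ver"; then
            bad=1; echo "$comp $ver AFFECTED"
        else
            echo "$comp $ver ok"
        fi
    done
    [ "$found" -eq 1 ] || return 2
    [ "$bad" -eq 0 ]
}

# check_local_xz: run the classifier against the xz binary on this host.
# Usage: check_local_xz || echo "review this host"
check_local_xz() {
    command -v xz >/dev/null 2>&1 || { echo "xz not found in PATH"; return 2; }
    xz --version | classify_xz_output
}
```

The command-line tool and the liblzma library are reported on separate lines and are classified separately, so a mismatch between the two is visible in the output.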
See the following advisory for more information: