Red Hat warns of backdoor in XZ tools used by most Linux distros

By Gerowen
in Back Page News

 Share

Recommended Posts

Grand Master

Gerowen

Posted
Posted (edited)

Headline: Red Hat warns of backdoor in XZ tools used by most Linux distros

Anecdote: I stick to Debian stable on everything here at the house so we're fine, but if you run Ubuntu, Arch, Fedora, Debian testing/unstable, etc., you might want to pay attention to this.

Snippet

Today, Red Hat warned users to immediately stop using systems running Fedora development and experimental versions because of a backdoor found in the latest XZ Utils data compression tools and libraries.

"PLEASE IMMEDIATELY STOP USAGE OF ANY FEDORA 41 OR FEDORA RAWHIDE INSTANCES for work or personal activity," Red Hat warned on Friday.

"No versions of Red Hat Enterprise Linux (RHEL) are affected. We have reports and evidence of the injections successfully building in xz 5.6.x versions built for Debian unstable (Sid). Other distributions may also be affected."

Debian's security team also issued an advisory warning users about the issue. The advisory says that no stable Debian versions are using the compromised packages and that XZ has been reverted to the upstream 5.4.5 code on affected Debian testing, unstable, and experimental distributions.

Source and rest of articlehttps://www.bleepingcomputer.com/news/security/red-hat-warns-of-backdoor-in-xz-tools-used-by-most-linux-distros/

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing