Anonymous ID: f62093 April 3, 2024, 7:56 a.m. No.20671735

https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094

 

Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094

Release Date: March 29, 2024

CISA and the open source community are responding to reports of malicious code being embedded in XZ Utils versions 5.6.0 and 5.6.1. This activity was assigned CVE-2024-3094. XZ Utils is data compression software and may be present in Linux distributions. The malicious code may allow unauthorized access to affected systems.

 

CISA recommends developers and users to downgrade XZ Utils to an uncompromised version—such as XZ Utils 5.4.6 Stable—hunt for any malicious activity and report any positive findings to CISA.

 

See the following advisory for more information:

 

Red Hat: Urgent security alert for Fedora 41 and Rawhide users
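
An added example, not part of the original post or the CISA alert: a shell check that reads `xz --version` output and flags the two releases the alert names (5.6.0 and 5.6.1). The function names, the sample output and the handling of distribution package suffixes (including Debian-style `+really` versions) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare XZ Utils / liblzma version strings with the two
# releases named in the alert. Function names are hypothetical.
# classify_xz_version VERSION -> prints "affected", "not-listed" or "unknown"
classify_xz_version() {
    v=$1
    # Assumption: a Debian-style "X+reallyY" package version ships upstream
    # code Y, so the part after "+really" is what gets evaluated.
    case $v in
        *+really*) v=${v#*+really} ;;
    esac
    v=${v#*:}          # drop a package epoch such as "1:"
    v=${v%%[-+~]*}     # drop packaging suffixes such as "-1" or "~bpo1"
    case $v in
        5.6.0|5.6.1) echo affected ;;
        [0-9]*.[0-9]*.[0-9]*) echo not-listed ;;
        *) echo unknown ;;
    esac
}

# scan_xz_output: read `xz --version` text on stdin, print one verdict per
# component, and return 1 if the xz binary or liblzma is a listed version.
scan_xz_output() {
    rc=0
    while read -r line || [ -n "$line" ]; do
        case $line in
            "xz (XZ Utils) "*|"liblzma "*) ;;
            *) continue ;;
        esac
        ver=${line##* }
        verdict=$(classify_xz_version "$ver")
        echo "${line% *}: $ver -> $verdict"
        if [ "$verdict" = affected ]; then rc=1; fi
    done
    return $rc
}

# Constructed sample of `xz --version` output, for offline testing.
SAMPLE_AFFECTED='xz (XZ Utils) 5.6.1
liblzma 5.6.1'

# Check the local install only when called with --local.
if [ "${1:-}" = "--local" ]; then
    xz --version | scan_xz_output || echo "Listed version found: downgrade, e.g. to XZ Utils 5.4.6 Stable"
fi
```

A "not-listed" verdict only means the version string is not one of the two named in the alert; the alert's recommendation to hunt for malicious activity still applies to hosts that ran 5.6.0 or 5.6.1 at any point.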