Tagged articles

xz utils

4 articles · Page 1 of 1
ITPUB
ITPUB
May 20, 2024 · Information Security

How a Hidden Backdoor in XZ Compression Threatens Global Open‑Source Infrastructure

A recent backdoor implanted in the widely used open‑source compression tool XZ exposes the fragile reliance on volunteer‑maintained software infrastructure, highlighting the massive economic value of open‑source, the sophisticated attack methods employed, and the urgent need for better security and maintenance practices.

Open-sourcebackdoorinformation security
0 likes · 6 min read
How a Hidden Backdoor in XZ Compression Threatens Global Open‑Source Infrastructure
Java Tech Enthusiast
Java Tech Enthusiast
Apr 10, 2024 · Information Security

Backdoor Discovered in xz-utils for Fedora 40 and Rawhide

Red Hat’s emergency advisory (CVE‑2024‑3094) warns that malicious code was inserted into xz‑utils 5.6.0/5.6.1, creating a remote‑access backdoor that affects only Fedora 41 and Rawhide, traced to attacker JiaT75 who compromised the Tukaani project for three years before GitHub disabled the repository.

CVE-2024-3094Fedorabackdoor
0 likes · 4 min read
Backdoor Discovered in xz-utils for Fedora 40 and Rawhide