Revision as of 22:28, 8 April 2024 edit Chaosdruid (talk \| contribs) Extended confirmed users, Pending changes reviewers, Rollbackers 27,207 edits →Background: add ref Tag: 2017 wikitext editor ← Previous edit		Revision as of 03:56, 9 April 2024 edit undo Eric lagergren (talk \| contribs) 26 edits m Grammar Tags: Visual edit Mobile edit Mobile web edit Advanced mobile edit Next edit →
Line 22: \| website = {{URL\|https://tukaani.org/xz-backdoor/}} }} On 29 March 2024, ~~the~~ software developer Andres Freund reported that he had found a maliciously introduced [[Backdoor (computing)\|backdoor]] in the Linux utility [[XZ Utils\|xz]] within the [[liblzma]] library in versions 5.6.0 and 5.6.1 released in February 2024.<ref>{{Cite web \|title=A backdoor in xz \|first=Jonathan \|last=Corbet \|website=LWN \|url=https://lwn.net/Articles/967180/ \|access-date=2 April 2024 \|archive-date=1 April 2024 \|archive-url=https://web.archive.org/web/20240401224317/https://lwn.net/Articles/967180/ \|url-status=live }}</ref> While xz is commonly present in most [[Linux distribution\|Linux distributions]], the backdoor only targeted [[Debian]]- and [[RPM Package Manager\|RPM]]-based systems running on the [[x86-64]] architecture.{{cn\|date=April 2024}} At the time of discovery the backdoored version had not yet been widely deployed.<ref>{{cite web \|title=CVE-2024-3094 \|url=https://nvd.nist.gov/vuln/detail/CVE-2024-3094 \|website=[[National Vulnerability Database]] \|publisher=NIST \|access-date=2 April 2024 \|archive-date=2 April 2024 \|archive-url=https://web.archive.org/web/20240402031933/https://nvd.nist.gov/vuln/detail/CVE-2024-3094 \|url-status=live }}</ref>

XZ Utils backdoor: Difference between revisions