Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094


CISA and the open source community are responding to reports of malicious code being embedded in XZ Utils versions 5.6.0 and 5.6.1. This activity was assigned CVE-2024-3094. XZ Utils is data compression software and may be present in Linux distributions. The malicious code may allow unauthorized access to affected systems. 

CISA recommends that developers and users downgrade XZ Utils to an uncompromised version, such as XZ Utils 5.4.6 Stable, hunt for any malicious activity, and report any positive findings to CISA.
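As a first triage step before downgrading, the installed version can be compared against the two versions named above. The script below is an added example, not part of the CISA alert; the function name `check_xz_versions` is hypothetical, and it assumes the usual `xz --version` output layout in which each line ends with a version number (for example `xz (XZ Utils) 5.4.6`).

```shell
#!/bin/sh
# Added example: flag the XZ Utils versions named in the advisory (CVE-2024-3094).
AFFECTED_VERSIONS="5.6.0 5.6.1"   # taken from the advisory text

# Reads `xz --version` style text on stdin (assumed layout: version is the
# last field of each line) and prints "<component> <version> AFFECTED|ok".
# Return codes: 0 = no affected version seen, 1 = affected version seen,
#               2 = no version could be parsed (treat as "unknown", not "clean").
check_xz_versions() {
    found=0
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        name=${line%% *}    # first field, e.g. "xz" or "liblzma"
        ver=${line##* }     # last field, e.g. "5.6.1"
        case $ver in
            [0-9]*.[0-9]*.[0-9]*) ;;   # looks like a version number
            *) continue ;;             # skip blank or unrelated lines
        esac
        found=1
        status=ok
        for a in $AFFECTED_VERSIONS; do
            if [ "$ver" = "$a" ]; then
                status=AFFECTED
                bad=1
            fi
        done
        printf '%s %s %s\n' "$name" "$ver" "$status"
    done
    if [ "$found" -ne 1 ]; then
        return 2
    fi
    return "$bad"
}

# Run against the local system only when asked: sh check_xz.sh --local
if [ "${1:-}" = "--local" ]; then
    xz --version 2>/dev/null | check_xz_versions
fi
```

A version match only tells you the affected release is installed; the hunt for malicious activity that CISA recommends is still required on any host that reports `AFFECTED`.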

See the following advisory for more information: 
