The discovery of a backdoor in the xz compression library could have been a major security disaster if not caught in time. The malicious code only affected a few Linux distributions, but it highlights the potential risks of supply chain attacks.
The discovery last week of a backdoor in a widely used open source compression library called xz could have been a security disaster had it not been caught by luck and atypical curiosity about latency from a Microsoft engineer.
'This might be the best executed supply chain attack we've seen described in the open, and it's a nightmare scenario: malicious, competent, authorized upstream in a widely used library,' the engineer wrote to the Openwall security mailing list, reporting that he had found a backdoor in liblzma, which is part of the xz package. The xz software is used in many Linux distributions and in macOS for tasks like compressing release tarballs, kernel images, and the like. The malicious code only made it into a few bleeding-edge Linux distributions, such as the upcoming Fedora Linux 40; the Fedora Rawhide developer distribution; Debian Unstable; and Kali Linux. Vulnerable distributions require glibc (for IFUNC, an indirect-function mechanism the backdoor uses to route calls into OpenSSH authentication) and xz-5.6.0 or xz-5.
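A quick local triage for the conditions the article lists, as an added example that is not part of the article or of the xz project: it parses the version from `xz --version` style output, flags 5.6.0 (the only affected release the article names in full), marks any other 5.6.x for manual review since the article's version list is cut off, and checks whether the local sshd binary is linked against liblzma (assumes `ldd` is available; the sample version lines are constructed).

```shell
#!/bin/sh
# Extract the version number from the first line of `xz --version` output,
# e.g. "xz (XZ Utils) 5.6.0" -> "5.6.0". Input is passed as a string argument.
parse_xz_version() {
    printf '%s\n' "$1" | sed -n '1s/.*XZ Utils) \([0-9][0-9.]*\).*/\1/p'
}

# Classify a version string against what the article states:
#   affected - 5.6.0, named by the article as carrying the backdoor
#   review   - other 5.6.x releases; the article's list is truncated, so check upstream
#   clear    - anything else (not implicated by the article)
xz_version_status() {
    case "$1" in
        5.6.0) echo affected ;;
        5.6.*) echo review ;;
        *)     echo clear ;;
    esac
}

# The article says the hook reaches OpenSSH authentication via glibc's IFUNC,
# so report whether the installed sshd dynamically links liblzma at all.
# Returns 0 if it does, 1 if it does not, 2 if sshd or ldd is unavailable.
sshd_links_liblzma() {
    sshd_path=$(command -v sshd 2>/dev/null) || return 2
    command -v ldd >/dev/null 2>&1 || return 2
    ldd "$sshd_path" 2>/dev/null | grep -q 'liblzma'
}

# Constructed sample: what `xz --version` prints on an affected host.
SAMPLE_XZ_OUTPUT='xz (XZ Utils) 5.6.0
liblzma 5.6.0'

triage_sample() {
    ver=$(parse_xz_version "$SAMPLE_XZ_OUTPUT")
    echo "xz $ver: $(xz_version_status "$ver")"
}
```

Run `xz_version_status "$(parse_xz_version "$(xz --version)")"` on a real host; a result of `affected` or `review` together with `sshd_links_liblzma` returning 0 is the combination the article describes as exposed.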