Security Alert: Backdoor Found in XZ Libraries for Linux Systems

Timothy Pecoraro
3 min read · Mar 31, 2024

A.I. Assisted Editing…

This article addresses a critical security exploit affecting numerous Linux distributions. The vulnerability resides within the XZ libraries, commonly used for data compression. A malicious backdoor was injected into the source code, potentially granting unauthorized access to affected systems.

Affected Systems and Versions

The following Linux distributions and versions are confirmed to be vulnerable:

Red Hat:

  • Fedora Rawhide (affected)
  • Fedora Linux 40 (currently unaffected)

Debian:

  • Testing and Unstable branches (versions 5.5.1 alpha up to 5.6.1)

Arch Linux:

  • All installations between 02/24/2024 and 03/28/2024 (potentially including container images)

Ubuntu:

  • Potential risk in upcoming 24.04 beta images (investigating)

Unaffected Systems

Based on the current information we have, the following systems are not currently affected:

  • Debian Stable versions
  • Ubuntu (current versions as of March 31, 2024)
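
A quick way to check a host against the version range listed above for Debian Testing and Unstable (5.5.1 alpha up to 5.6.1), as an added example that is not part of the original article. It assumes the two-line output format of `xz --version`; the function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): classify a liblzma version against the
# range the article lists for Debian testing/unstable: 5.5.1alpha up to 5.6.1.

# Convert "5.6.1" or "5.5.1alpha" to an integer for comparison. A pre-release
# suffix is dropped, so 5.5.1alpha compares as 5.5.1 (the article's lower bound).
ver_to_int() {
    v=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')
    IFS=. read -r major minor patch <<EOF
$v
EOF
    echo $(( ${major:-0} * 10000 + ${minor:-0} * 100 + ${patch:-0} ))
}

# True (exit 0) when the version lies inside the article's listed range.
in_listed_range() {
    n=$(ver_to_int "$1")
    [ "$n" -ge 50501 ] && [ "$n" -le 50601 ]
}

# Takes the text printed by `xz --version` and prints "listed <ver>",
# "not-listed <ver>", or "unknown" when no liblzma line is present.
classify_xz_output() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^liblzma //p')
    if [ -z "$ver" ]; then
        echo "unknown"
    elif in_listed_range "$ver"; then
        echo "listed $ver"
    else
        echo "not-listed $ver"
    fi
}

# Constructed sample outputs, so the script can be exercised offline.
SAMPLE_LISTED='xz (XZ Utils) 5.6.1
liblzma 5.6.1'
SAMPLE_OLDER='xz (XZ Utils) 5.4.5
liblzma 5.4.5'

classify_xz_output "$SAMPLE_LISTED"
classify_xz_output "$SAMPLE_OLDER"

# Classify the locally installed xz, if there is one.
if command -v xz >/dev/null 2>&1; then
    classify_xz_output "$(xz --version 2>/dev/null)"
fi
```

A "listed" result means the installed library falls inside the range this article gives; confirm against your distribution's own advisory before acting on it.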
