Security Alert: Backdoor Found in XZ Libraries for Linux Systems
A.I. Assisted Editing…
This article addresses a critical security exploit affecting numerous Linux distributions. The vulnerability resides within the XZ libraries, commonly used for data compression. A malicious backdoor was injected into the source code, potentially granting unauthorized access to affected systems.
Affected Systems and Versions
The following Linux distributions and versions are confirmed to be vulnerable:
Red Hat:
- Fedora Rawhide affected
- Fedora Linux 40 (currently unaffected)
Debian:
- Testing and Unstable branches (versions 5.5.1 alpha up to 5.6.1)
Arch Linux:
- All installations between 02/24/2024 and 03/28/2024 (potentially including container images)
Ubuntu:
- Potential risk in upcoming 24.04 beta images (investigating)
Unaffected Systems
Based on the information current information we have the following systems are not currently affected:
- Debian Stable versions
- Ubuntu (current versions as of March 31, 2024)