Red Hat warns of backdoor in XZ tools used by most Linux distros

March 29, 2024 at 01:55PM

Red Hat has issued an urgent warning regarding a backdoor discovered in the latest XZ Utils data compression tools and libraries in Fedora development versions. The malicious code, assigned a 10/10 critical severity score, compromises sshd authentication, potentially allowing unauthorized remote system access. Users are advised to revert to an uncompromised version and monitor for suspicious activity.

The key takeaways include:

1. Red Hat has issued a warning to immediately stop using systems running Fedora 41 or Fedora Rawhide due to a backdoor found in the latest XZ Utils data compression tools and libraries.
2. The security issue was discovered by Andres Freund while analyzing a Postgres performance problem on a Linux box running Debian Sid.
3. The security vulnerability is being tracked as CVE-2024-3094 and has been assigned a 10/10 critical severity score. Red Hat has reverted to 5.4.x versions of XZ in Fedora 40 beta.
4. The malicious code is obfuscated and can only be found in the complete download package, not in the Git distribution, which lacks the M4 macro that triggers the backdoor build process.
5. CISA has published an advisory urging developers and users to downgrade to an uncompromised version (i.e. 5.4.6 Stable) and to search for any suspicious activity on their systems.
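
One way to act on takeaway 4, as an added example that is not code from Red Hat, CISA or the XZ project: compare a release tarball with the matching Git checkout and list files that exist only in the tarball or whose content differs. All file names and contents below are constructed samples; autotools release tarballs legitimately ship generated files that are absent from Git, so the result is a list to review, not a verdict.

```python
import hashlib, io, tarfile, tempfile
from pathlib import Path

def tarball_digests(tar_bytes: bytes) -> dict[str, str]:
    """SHA-256 of each regular file in the tarball, top-level directory stripped."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            if member.isfile():
                rel = member.name.split("/", 1)[-1]
                out[rel] = hashlib.sha256(tar.extractfile(member).read()).hexdigest()
    return out

def tree_digests(root: Path) -> dict[str, str]:
    """SHA-256 of each file in a source checkout, skipping .git metadata."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*")
        if p.is_file() and ".git" not in p.relative_to(root).parts
    }

def compare(tar_bytes: bytes, checkout: Path) -> dict[str, list[str]]:
    """Files present only in the tarball, and files whose content differs."""
    tar, tree = tarball_digests(tar_bytes), tree_digests(checkout)
    return {
        "tarball_only": sorted(set(tar) - set(tree)),
        "modified": sorted(f for f in tar.keys() & tree.keys() if tar[f] != tree[f]),
    }

def demo() -> dict[str, list[str]]:
    # Constructed sample data: every file name and content here is invented.
    repo_files = {"src/main.c": b"int main(void){return 0;}\n",
                  "configure.ac": b"AC_INIT([demo],[1.0])\n"}
    release_files = dict(repo_files)
    release_files["m4/extra-macro.m4"] = b"dnl present only in the release tarball\n"
    release_files["configure.ac"] += b"dnl line added after tagging\n"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in release_files.items():
            info = tarfile.TarInfo(f"demo-1.0/{name}")
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in repo_files.items():
            path = Path(tmp, name)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
        return compare(buf.getvalue(), Path(tmp))
```

Calling `demo()` runs the comparison on the constructed sample; for real use, pass the downloaded tarball's bytes and the path of a checkout at the release tag to `compare()`.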
