Last week security researchers publicised a malicious backdoor in the XZ Utils library, a widely used suite of software that gives developers lossless compression and is commonly used for compressing software releases and Linux kernel images. The backdoor could, under certain circumstances, be used to run unauthorised code via the encrypted SSH connection protocol.
The vulnerability has been given the formal title of CVE-2024-0394 and is being reported using the terms XZ backdoor and XZ Utils backdoor.
To date there are no known reports of the compromised version of XZ being part of any production releases for any of the major Linux distributions. However, both Red Hat and Debian have disclosed that the compromised version was part of recently published beta releases, and Arch Linux was also affected. The compromised version also impacted macOS developers using the Homebrew package management system, if they’d previously installed XZ, as well as Windows developers running the WSL development environment.
At Kamma we have checked all of our platforms and services, as well as all of our laptops and servers which run macOS, Linux and Windows, and we would like to reassure our customers that Kamma is not impacted or affected by this compromised package.
However, if you would like to discuss this in greater detail or require any further information, please contact us at support@kammadata.com.