Last week security researchers publicised a malicious backdoor in the XZ Utils library, a widely used suite of software that gives developers lossless compression and is commonly used for compressing software releases and Linux kernel images. The backdoor could, under certain circumstances, be used to run unauthorised code via the encrypted SSH connection protocol.
The vulnerability has been given the formal title of CVE-2024-3094 and is being reported using the terms "XZ backdoor" and "XZ Utils backdoor".
To date, there are no known reports of the compromised version of XZ being part of any production releases for any of the major Linux distributions. However, both Red Hat and Debian have disclosed that the compromised version was part of recently published beta releases, and Arch Linux was also affected. The compromised version also impacted macOS developers using the Homebrew package management system if they’d previously installed XZ, as well as Windows developers running the WSL development environment.
At Kamma, we have checked all of our platforms and services, as well as all of our laptops and servers which run macOS, Linux and Windows, and we would like to reassure our customers that Kamma is not impacted or affected by this compromised package.
However, if you would like to discuss this in greater detail or require any further information, please contact us at support@kammadata.com.
More information on the technical aspects of this vulnerability can be found here: https://nvd.nist.gov/vuln/detail/CVE-2024-3094.