FAQ on the xz-utils backdoor
Background
On March 29th, 2024, a backdoor was discovered in #xz-utils, a suite of software that provides lossless compression. This package is commonly used for compressing release tarballs, software packages, kernel images, and initramfs images. It is very widely distributed; statistically, the average #Linux or #macOS system will have it installed for convenience.
This #backdoor is very indirect and only shows up when a few specific, known criteria are met. Other trigger conditions may yet be discovered! However, the backdoor is at least triggerable by remote, unprivileged systems connecting to public SSH ports. It has been seen in the wild being activated by incoming connections, resulting in performance issues, but we do not yet know what is required to bypass authentication (or do anything else) with it.
https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27