XZ Utils backdoor
In February 2024, a malicious backdoor was introduced to the Linux utility xz within the liblzma library in versions 5.6.0 and 5.6.1 by an account using the name "Jia Tan". The backdoor gives an attacker who possesses a specific Ed448 private key remote code execution capabilities on the affected Linux system. The issue has been given the Common Vulnerabilities and Exposures number and has been assigned a CVSS score of 10.0, the highest possible score.While xz is commonly present in most Linux distributions, at the time of discovery the backdoored version had not yet been widely deployed to production systems, but was present in development versions of major distributions. The backdoor was discovered by the software developer Andres Freund, who announced his findings on 29 March 2024. Provided by Wikipedia
-
1
-
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16by Haiqin Li, Meifang Tan, Fanfan Zhang, Huayuan Ji, Yanbing Zeng, Qun Yang, Jia Tan, Jiangnan Huang, Qi Su, Yu Huang, Zhaofeng KangGet full text
Published 2021-02-01
Article -
17by Longyuan Hu, Jia Tan, Xiaomei Yang, Haitao Tan, Xiaozhen Xu, Manhang You, Wu Qin, Liangzhao Huang, Siqi Li, Manqiu Mo, Huifen Wei, Jing Li, Jiyong TanGet full text
Published 2016-01-01
Article -
18by Kai Xie, Nanqing Wang, Yu Guo, Shuang Zhao, Jia Tan, Lei Wang, Guoyuan Li, Junxiang Wu, Yangzi Yang, Wenyu Xu, Juan Chen, Wenbo Jiang, Penghuai Fu, Yongqiang HaoGet full text
Published 2022-02-01
Article -
19by Zefang Sun, Jia Tan, Minqiong Zhao, Qiyao Peng, Mingqing Zhou, Shanru Zuo, Feilong Wu, Xueguang Li, Yangyang Dong, Ming Xie, Yide Yang, Junhua Zhou, Xianghua Liu, Quanze He, Zuping He, Xing Yu, Quanyuan HeGet full text
Published 2021-03-01
Article -
20by Yu-Zheng Ge, Ran Wu, Tian-Ze Lu, Rui-Peng Jia, Ming-Hao Li, Xiao-Fei Gao, Xiao-Min Jiang, Xian-Bo Zhu, Liang-Peng Li, Si-Jia Tan, Qun Song, Wen-Cheng Li, Jia-Geng ZhuGet full text
Published 2014-01-01
Article