Critical Backdoor Discovered in Widely Used Linux Compression Library
The vulnerability, identified as CVE-2024-3094, affects multiple Linux distributions and could enable unauthorized remote access.
- Red Hat warns of a backdoor in xz, a widely used data compression library, affecting Fedora Linux 40, Fedora Rawhide, Debian, and Kali Linux.
- The malicious code in xz versions 5.6.0 and 5.6.1 is designed to break SSH authentication, allowing unauthorized remote access.
- CVE-2024-3094, with a 10/10 CVSS severity rating, has been assigned to this vulnerability.
- Users are urged to immediately stop using affected Fedora instances and to check other Linux distributions and operating systems for the compromised xz versions.
- The US government's Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory regarding the vulnerability.
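
One way to carry out the version check urged above, as an added example that is not part of the original article or any vendor's tooling. The function names are hypothetical, the package names (liblzma5, xz-utils, xz-libs, xz) are assumed to be the ones used on Debian-family and Fedora-family systems, and the handling of Debian's "+really" version convention goes beyond what the article states.

```shell
#!/bin/sh
# Added example: flag xz / liblzma 5.6.0 and 5.6.1 (CVE-2024-3094).

# Reduce a tool or package version string to its upstream x.y.z part.
# Strips an epoch ("1:"), a distro revision ("-1", "-3.fc40"), and honours
# Debian's "+really" convention, where the true upstream version follows
# the marker (a reverted package can still start with "5.6.1").
upstream_version() {
    v=${1#*:}
    case $v in *+really*) v=${v##*+really} ;; esac
    v=${v%%-*}
    v=${v%%[!0-9.]*}
    printf '%s\n' "$v"
}

# Succeeds only for the two releases named in the advisory.
is_affected() {
    case $(upstream_version "$1") in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Collect version strings from the xz binary and the package databases.
installed_versions() {
    if command -v xz >/dev/null 2>&1; then
        xz --version | awk '{print $NF}'   # one line for xz, one for liblzma
    fi
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Version}\n' liblzma5 xz-utils 2>/dev/null
    fi
    if command -v rpm >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}\n' xz-libs xz 2>/dev/null | grep -v 'not installed'
    fi
}

# Print a verdict per version found; return 1 if any is affected.
scan_host() {
    status=0
    for ver in $(installed_versions | sort -u); do
        if is_affected "$ver"; then
            echo "AFFECTED: $ver"; status=1
        else
            echo "ok: $ver"
        fi
    done
    return $status
}

if [ "${1:-}" = "--scan" ]; then scan_host; fi
```

Run it with `--scan` on each host; a non-zero exit status means at least one installed xz or liblzma reports 5.6.0 or 5.6.1.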