Particle.news

Docker Hub Retains 35 Container Images Harboring XZ-Utils Backdoor

Debian classifies the compromised images as archival relics with minimal exploitation risk, prompting calls for persistent scanning to prevent supply-chain contamination.

Overview

  • Binarly researchers identified at least 35 Docker Hub images, including 12 official Debian variants and multiple second-order builds, still shipping the CVE-2024-3094 backdoor in xz-utils 5.6.0/5.6.1.
  • Debian maintainers opted not to remove the backdoored images, deeming them historical artifacts unlikely to be exploited without sshd, network access, and a matching private key.
  • Analysis reveals that several compromised base images have been used to build downstream containers, raising the risk of transitive infections in CI/CD pipelines.
  • Security vendors such as Binarly and Kaspersky have released detection scanners and recommend upgrading to xz-utils 5.6.2 or later to eliminate the hijacked liblzma.so.
  • Experts warn the incident illustrates how short-lived malicious code can persist in public registries, reinforcing the need for continuous binary-level monitoring beyond simple version checks.
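The last two points, detection by scanning rather than trusting a tag, and the risk that a backdoored base layer is carried into downstream builds, can be demonstrated with a small scanner over an exported image. The following is an added example written for this page; it is not the article's code and not Binarly's or Kaspersky's scanner. It assumes the image was exported with `docker save` (a `manifest.json` plus one tar per layer), that the affected library ships as `liblzma.so.5.6.0` or `liblzma.so.5.6.1`, and that binary-level matching is done against caller-supplied SHA-256 digests of known-bad builds. The library bytes and digests in the demo are constructed placeholders, not real indicators.

```python
"""Scan a `docker save` tarball for the xz-utils 5.6.0/5.6.1 liblzma (CVE-2024-3094).

Added example; not the article's code and not Binarly's or Kaspersky's scanner.
Assumptions: the image was exported with `docker save` (manifest.json plus per-layer
tars); the affected library is shipped as liblzma.so.5.6.0 or liblzma.so.5.6.1; and
binary-level matching uses caller-supplied SHA-256 digests of known-bad builds. The
digests and ELF contents used in the demo are constructed placeholders, not real IoCs.
"""
import hashlib
import io
import json
import os
import re
import tarfile
import tempfile

AFFECTED_VERSIONS = {"5.6.0", "5.6.1"}
LIBLZMA_RE = re.compile(r"(^|/)liblzma\.so\.(\d+\.\d+\.\d+)$")


def _layers(image):
    """Yield (layer name, TarFile) for each layer in manifest order, base layer first."""
    for entry in json.load(image.extractfile("manifest.json")):
        for layer in entry["Layers"]:
            yield layer, tarfile.open(fileobj=io.BytesIO(image.extractfile(layer).read()))


def scan_image(path, bad_digests=frozenset()):
    """Report affected liblzma copies in any layer and in the resolved final filesystem."""
    any_layer = []   # every affected copy seen in any layer: the image's provenance
    final_fs = {}    # path -> (version, digest) after overlay resolution: what actually runs
    with tarfile.open(path) as image:
        for layer_name, layer in _layers(image):
            for member in layer.getmembers():
                name = member.name[2:] if member.name.startswith("./") else member.name
                head, _, base = name.rpartition("/")
                if base.startswith(".wh."):
                    # Overlay whiteout: the upper layer deletes this path from lower layers
                    # (opaque directory whiteouts are not modelled in this example).
                    target = (head + "/" if head else "") + base[len(".wh."):]
                    final_fs.pop(target, None)
                    continue
                m = LIBLZMA_RE.search(name)
                if not m or not member.isfile():
                    continue
                version = m.group(2)
                digest = hashlib.sha256(layer.extractfile(member).read()).hexdigest()
                final_fs[name] = (version, digest)
                if version in AFFECTED_VERSIONS or digest in bad_digests:
                    any_layer.append({"layer": layer_name, "path": name,
                                      "version": version, "digest": digest})
    final_hits = [{"path": p, "version": v, "digest": d} for p, (v, d) in sorted(final_fs.items())
                  if v in AFFECTED_VERSIONS or d in bad_digests]
    if final_hits:
        verdict = "backdoored"        # affected library is present in the running filesystem
    elif any_layer:
        verdict = "tainted_history"   # a lower layer shipped it; a later layer replaced it
    else:
        verdict = "clean"
    return {"verdict": verdict, "final_fs": final_hits, "any_layer": any_layer}


def _tar_bytes(files):
    """Constructed in-memory tar from {path: bytes}; used only to build sample images."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def build_sample_image(path, upgraded):
    """Write a constructed two-layer image: the base layer ships liblzma 5.6.1; the app layer
    either upgrades it (whiteout of the old file plus a 5.6.2 copy) or leaves it untouched."""
    libdir = "usr/lib/x86_64-linux-gnu/"
    layers = {"base/layer.tar": _tar_bytes({libdir + "liblzma.so.5.6.1": b"ELF-placeholder 5.6.1"})}
    if upgraded:
        layers["app/layer.tar"] = _tar_bytes({libdir + ".wh.liblzma.so.5.6.1": b"",
                                              libdir + "liblzma.so.5.6.2": b"ELF-placeholder 5.6.2"})
    else:
        layers["app/layer.tar"] = _tar_bytes({"app/run.sh": b"#!/bin/sh\nexec /app/server\n"})
    manifest = json.dumps([{"Config": "config.json", "RepoTags": ["example/app:demo"],
                            "Layers": list(layers)}]).encode()
    with open(path, "wb") as f:
        f.write(_tar_bytes({"manifest.json": manifest, **layers}))


def demo():
    """Verdicts for: an unpatched image, an upgraded image, and the upgraded image when the
    5.6.2 placeholder's digest is supplied as known-bad (the version string alone says nothing)."""
    with tempfile.TemporaryDirectory() as d:
        bad, good = os.path.join(d, "bad.tar"), os.path.join(d, "upgraded.tar")
        build_sample_image(bad, upgraded=False)
        build_sample_image(good, upgraded=True)
        suspicious = {hashlib.sha256(b"ELF-placeholder 5.6.2").hexdigest()}  # constructed, not a real IoC
        return (scan_image(bad)["verdict"], scan_image(good)["verdict"],
                scan_image(good, bad_digests=suspicious)["verdict"])


if __name__ == "__main__":
    print(demo())  # ('backdoored', 'tainted_history', 'backdoored')
```

Two design points matter for a registry scan. First, the verdict is split: `final_fs` answers whether the library is actually present in the container's resolved filesystem (overlay semantics, last layer wins, whiteouts honoured), which is what determines exposure, while `any_layer` records that a base layer once shipped it, which is what a transitive-build audit of CI/CD pipelines needs even when a later `apt upgrade` replaced the file. Second, the digest path shows why a version-string check is not enough: a rebuilt or renamed library matches on its bytes, not on the number in its filename.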