Versions 5.6.0 and 5.6.1 of the xz-utils package were found to contain a backdoor (CVE-2024-3094) that undermines the integrity of authentication and can give an attacker unauthorized access to an affected system. Given how widely the library is used, the vulnerability posed a significant risk to the Linux ecosystem. Fortunately, it was detected promptly, which limited its impact, and Debian and its derivative Kali Linux quickly shipped fixed packages.
The vulnerability affected Kali Linux users from March 26th to March 29th, the period during which xz-utils 5.6.0-0.2 was available from the Kali repositories. Anyone who updated a Kali installation within this window must apply the latest updates immediately. Those who last updated before March 26th never received the backdoored package and are not affected.
According to Red Hat, the backdoored packages are present in Fedora 41 and Fedora Rawhide, and it advises users of those distributions to stop using them immediately. Red Hat recommends that businesses running the affected distributions contact their information security teams for guidance on next steps. It also reassures users that no version of Red Hat Enterprise Linux (RHEL) is affected.
Debian has clarified that its stable releases are unaffected. The compromised packages were, however, identified in the Debian testing, unstable and experimental suites, and users of those suites are advised to update their xz-utils packages promptly. Vincent Danen, VP of Product Security at Red Hat, stressed the critical importance of maintaining a vigilant and experienced Linux security team to monitor software supply chain channels.
To restate the practical point for Kali users: if you updated your installation between March 26th and March 29th, install the latest updates now. You are exposed only if you updated within that window; a system last updated before March 26th never received the backdoored package.
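A version check for the Kali/Debian window described above, added here as an example; it is not part of the original article and is not Kali's or Debian's own tooling. It assumes standard Debian package versioning (an optional epoch, the upstream version, then a hyphen and the Debian revision, as in the 5.6.0-0.2 package named above), uses dpkg-query to read the installed liblzma5 version, and the function names and sample version strings are chosen here for illustration. The fixed Debian package used the "+really" convention (an upstream string such as 5.6.1+really5.4.5) to roll back to the clean 5.4.5 code while keeping a higher version number; the exact-match `case` arms treat such a string as not affected.

```shell
#!/bin/sh
# Added example (not from the article, Kali or Debian): decide whether a
# Debian-style xz-utils/liblzma5 package version is one of the backdoored
# upstream releases, 5.6.0 or 5.6.1 (CVE-2024-3094).
#
# Debian versions look like "[epoch:]upstream-revision", e.g. the Kali
# package named in the article, "5.6.0-0.2" (upstream 5.6.0, revision 0.2).

# xz_affected VERSION
#   Exit 0 (true) when the upstream part is exactly 5.6.0 or 5.6.1,
#   1 (false) otherwise. A rolled-back "5.6.1+really5.4.5-1" package does
#   not match because the whole upstream string is compared, not a prefix.
xz_affected() {
    ver="${1#*:}"            # strip an optional epoch such as "1:"
    upstream="${ver%%-*}"    # keep the upstream part before the Debian revision
    case "$upstream" in
        5.6.0|5.6.1) return 0 ;;
        *)           return 1 ;;
    esac
}

# installed_liblzma_version
#   Prints the installed version of liblzma5 (the shared-library package
#   built from xz-utils) via dpkg-query. Fails when dpkg-query is missing or
#   the package is not installed, so the caller can tell "cannot check" from
#   "not affected".
installed_liblzma_version() {
    command -v dpkg-query >/dev/null 2>&1 || return 2
    dpkg-query -W -f='${Version}' liblzma5 2>/dev/null
}

# check_host
#   Reports whether this Debian/Kali host carries a backdoored liblzma5.
#   Exit status: 0 = affected, 1 = not affected, 2 = could not determine.
check_host() {
    v=$(installed_liblzma_version) || return 2
    [ -n "$v" ] || return 2
    if xz_affected "$v"; then
        echo "liblzma5 $v: backdoored upstream version, update now (apt update && apt full-upgrade)"
        return 0
    fi
    echo "liblzma5 $v: not one of the backdoored versions"
    return 1
}

# Run the host check only when invoked as:  sh xz_check.sh --check
if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

A hit from this check tells you which package is installed, nothing more: it does not show whether anyone used the backdoor while the 5.6.x build was present. Treat an affected host as a potential incident (review SSH authentication logs and keys for the window, not only as a patching task), and remember that updating the package is what removes the backdoor, so the check is a triage aid, not a substitute for applying the fix.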