XZ Utils Backdoor
   HOME





XZ Utils Backdoor
In February 2024, a malware, malicious Backdoor (computing), backdoor was introduced to the Linux build of the XZ Utils, xz utility within the liblzma library in versions 5.6.0 and 5.6.1 by an account using the name "Jia Tan". The backdoor gives an attacker who possesses a specific Ed448 private key remote code execution through OpenSSH on the affected Linux system. The issue has been given the Common Vulnerabilities and Exposures number and has been assigned a Common Vulnerability Scoring System, CVSS score of 10.0, the highest possible score. While xz is commonly present in most Linux distribution, Linux distributions, at the time of discovery the backdoored version had not yet been widely deployed to Deployment environment#Production, production systems, but was present in development versions of major distributions. The backdoor was discovered by the software developer Andres Freund, who announced his findings on 29 March 2024. Background Microsoft employee and PostgreSQL d ...
[...More Info...]       [...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  


XZ Utils
XZ Utils (previously LZMA Utils) is a set of free software command-line lossless data compressors, including the programs lzma and xz, for Unix-like operating systems and, from version 5.0 onwards, Microsoft Windows. For compression/decompression the Lempel–Ziv–Markov chain algorithm (LZMA) is used. XZ Utils started as a Unix port of Igor Pavlov's LZMA- SDK that has been adapted to fit seamlessly into Unix environments and their usual structure and behavior. Features XZ Utils can compress and decompress the ''xz'' and ''lzma'' file formats. Since the LZMA format has been considered legacy, XZ Utils by default compresses to xz. In addition, decompression of the .lz format used by lzip is supported since version 5.3.4. In most cases, xz achieves higher compression rates than alternatives like zip, gzip and bzip2. Decompression speed is higher than bzip2, but lower than gzip. Compression can be much slower than gzip, and is slower than bzip2 for high levels of comp ...
[...More Info...]       [...Related Items...]     OR:     [Wikipedia]   [Google]   [Baidu]  



MORE