Microsoft employee Andres Freund recently discovered an unusual vulnerability in the xz package on Debian installations. After noticing high CPU usage during SSH logins, Freund decided to investigate further. The vulnerability has been deemed extremely severe, receiving the maximum security rating and a critical impact rating from Red Hat Product Security.
Assigned CVE-2024-3094 by Red Hat, the vulnerability has also been cheekily given a more colorful name by the tech community because of its seriousness. The malicious code was found in the upstream tarballs of xz versions 5.6.0 and 5.6.1, where it modifies specific functions in the liblzma code.
It is recommended to check whether your distribution ships xz version 5.6.0 or 5.6.1 and, if so, to downgrade to 5.4.6 where possible. If a downgrade is not possible, consider disabling public-facing SSH servers as a precautionary measure.
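The version check recommended above can be scripted. The following POSIX shell snippet is an added example written for this article, not code from the original report or from the xz project; it assumes the version-string layout printed by `xz --version` (an `xz (XZ Utils) X.Y.Z` line followed by a `liblzma X.Y.Z` line) and flags only the two releases named in the text, 5.6.0 and 5.6.1. The sample outputs at the bottom are constructed for demonstration, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the original article): flag xz / liblzma
# versions named in the advisory (5.6.0 and 5.6.1) from `xz --version`
# style output. The output format is an assumption about xz's CLI.

# Return 0 if a single version number is one of the two affected releases.
xz_affected() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Read `xz --version` style output on stdin and print every X.Y.Z version
# number found, one per line, so both the xz binary and liblzma are covered.
parse_xz_versions() {
    sed -n 's/.*[ )]\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Read `xz --version` style output on stdin; return 0 if any reported
# component is an affected release, 1 otherwise.
output_affected() {
    for v in $(parse_xz_versions); do
        if xz_affected "$v"; then
            return 0
        fi
    done
    return 1
}

# Check the xz actually installed on this host, if any; prints a verdict
# and returns 0 when an affected version is present.
check_installed_xz() {
    if ! command -v xz >/dev/null 2>&1; then
        echo "xz not installed"
        return 1
    fi
    if xz --version 2>/dev/null | output_affected; then
        echo "AFFECTED: xz/liblzma 5.6.0 or 5.6.1 present; downgrade to 5.4.6"
        return 0
    fi
    echo "installed xz is not one of the affected versions"
    return 1
}

# Constructed sample outputs for a quick self-check (not real host data).
SAMPLE_BAD='xz (XZ Utils) 5.6.1
liblzma 5.6.1'
SAMPLE_OK='xz (XZ Utils) 5.4.6
liblzma 5.4.6'

printf '%s\n' "$SAMPLE_BAD" | output_affected && echo "sample 1: affected"
printf '%s\n' "$SAMPLE_OK" | output_affected || echo "sample 2: not affected"
check_installed_xz || true
```

The parser deliberately looks at every version line rather than only the first, since the malicious code lives in liblzma and a packaged xz binary can be linked against a library of a different version than the one it reports for itself. Distribution package managers (for example `dpkg -l` or `rpm -q`) remain the authoritative source for what is actually installed.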
Overall, this incident highlights the importance of ongoing vigilance in the tech community to detect and mitigate potential vulnerabilities before they can be exploited.