xz-utils 5.6.3 update



It's tempting to merge the topics. However, that topic is quite 'old' at this point.

So, reference this thread:


No, you're wrong. I'm talking about the xz-utils update (5.6.3) that I installed yesterday by upgrading to Kali Linux.
The CVE-2024-3094 is a critical vulnerability in versions 5.6.0 and 5.6.1 of XZ Utils, a widely used data compression tool. It stems from a supply chain attack that introduced a backdoor into the software, allowing unauthorized remote access to systems. Specifically, it exploits the liblzma library, a dependency of OpenSSH, enabling attackers to execute arbitrary commands via SSH before authentication. This could lead to remote code execution (RCE), compromising system security.
 
I'm talking about the xz-utils update (5.6.3) that I installed yesterday by upgrading to Kali Linux.
The CVE-2024-3094 is a critical vulnerability in versions 5.6.0 and 5.6.1 of XZ Utils,

Umm... That's what the linked thread is about, as far as I can tell.
 
My xz is version 5.2.5 and my sshd isn't a vulnerable version. I already made sure of that.

Signed,

Matthew Campbell
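
The version check discussed in the posts above, written out as an added example (it is not part of any poster's message): it classifies `xz --version` output against the two affected versions named in the thread and reports whether the local sshd binary links liblzma. The function names and the `/usr/sbin/sshd` fallback path are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example. Affected versions are the two named in the thread: 5.6.0 and 5.6.1.

# Classify one version string. Accepts a bare upstream version ("5.6.1") or a
# package-style string with an epoch or revision ("5.6.1-1"); only the
# leading MAJOR.MINOR.PATCH part is compared.
xz_version_status() {
    upstream=$(printf '%s' "$1" |
        sed -E 's/^[0-9]+://; s/^([0-9]+\.[0-9]+\.[0-9]+).*/\1/')
    case "$upstream" in
        5.6.0|5.6.1) echo affected ;;
        *)           echo not-affected ;;
    esac
}

# Read `xz --version` style output on stdin. The tool and the library report
# separate version lines, so flag the host if either one is affected.
xz_output_status() {
    result=not-affected
    while IFS= read -r line; do
        case "$line" in
            "xz (XZ Utils) "*|"liblzma "*)
                if [ "$(xz_version_status "${line##* }")" = affected ]; then
                    result=affected
                fi ;;
        esac
    done
    echo "$result"
}

# Live check on this machine (call it by hand; nothing here runs it).
check_host() {
    if command -v xz >/dev/null 2>&1; then
        echo "xz: $(xz --version | xz_output_status)"
    fi
    # Assumed fallback path; sshd is often outside a normal user's PATH.
    sshd_path=$(command -v sshd || echo /usr/sbin/sshd)
    if [ -x "$sshd_path" ] && ldd "$sshd_path" 2>/dev/null | grep -q liblzma; then
        echo "sshd links liblzma"
    else
        echo "sshd does not link liblzma (or sshd was not found)"
    fi
}

# Constructed sample input in the format `xz --version` prints.
printf 'xz (XZ Utils) 5.6.3\nliblzma 5.6.3\n' | xz_output_status
```
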
 
They've released a couple of versions since the malware was discovered. So, there's that...

It was a pretty basic (and effective) bit of social engineering mixed with some malicious code to top it off.

Social engineering is one of the hacks that can be basic or advanced. It's one of the oldest forms of 'hacking' around. Combined with computer hacking/cracking (or just information gathering) it can be a very potent tool.
 