⚡ TL;DR | Go Straight to the XZ CVE-2024-3094 Vulnerability Audit Report
On March 29th, Red Hat released a security advisory detailing CVE-2024-3094. “PLEASE IMMEDIATELY STOP USAGE OF ANY FEDORA RAWHIDE INSTANCES” said Red Hat as it rushed to stop people from using any of its distros that shipped a compromised version of XZ Utils.
CVE-2024-3094
Red Hat learned on March 29th that the xz tools and the liblzma library contain malicious code that appears to be intended to allow unauthorized access. Specifically, this code is present in versions 5.6.0 and 5.6.1. CVE-2024-3094 received the maximum CVSS 3 score of 10, so it's crucial to address the issue (by updating to a fixed package or rolling back to an unaffected release) as soon as possible.
Red Hat specifically mentions that Fedora 40 and Fedora Rawhide users could be impacted, but in principle any distro that has updated to version 5.6.0 or 5.6.1 is affected, since the malicious code ships inside XZ Utils itself. Note that the injected code lives in the liblzma library rather than only in the xz command-line tool, and it is known to target the OpenSSH daemon on systems where sshd loads liblzma (typically through distribution patches that link sshd against libsystemd), so the library version is what to check, not just whether the xz binary is installed.
One important addition is that “The malicious injection present in the XZ versions 5.6.0 and 5.6.1 libraries is obfuscated and only included in full in the download package” says Red Hat. The Git repository lacks the M4 macro that triggers the build of the malicious code, so building from Git source does not produce the backdoored library; the obfuscated second-stage artifacts are nevertheless present in the repository as test files, so the Git tree is not free of malicious content, only of the trigger that activates it. The release tarballs are the artifact to treat as compromised.
What is XZ?
XZ Utils is a lossless data compression toolset (the xz command-line tool and the liblzma library, based on the LZMA/LZMA2 algorithms) that is integrated into virtually all Linux distributions, community and commercial alike. It compresses and decompresses files and data streams, and liblzma is also linked into many other programs and package-management tools, which is why a compromised release has such broad reach.
Discover Vulnerable XZ Installs
We have added an updated audit report to your Lansweeper installations to help you locate any vulnerable instances of XZ in your network. This report will give you an actionable list of installations that haven’t been updated to the fixed version yet. You can get the report via the link below.
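For admins who want a quick per-host check alongside the inventory report, the script below is an added example (it is not Lansweeper's audit report and not XZ project code). It parses the two lines that `xz --version` prints, flags the 5.6.0 and 5.6.1 releases named in the CVE, and reports whether the local sshd links liblzma, which is the path by which a backdoored library reaches the SSH daemon. The `SAMPLE_XZ_OUTPUT` string is constructed sample output used to exercise the parsers; the function names are this example's own.

```shell
#!/usr/bin/env bash
# Added example (not Lansweeper's report or XZ project code): a quick local
# check for the backdoored XZ Utils releases and for the sshd exposure path.

# Constructed sample output, in the format `xz --version` prints, used to
# exercise the parsers; on a real host the script runs the command itself.
SAMPLE_XZ_OUTPUT='xz (XZ Utils) 5.6.1
liblzma 5.6.1'

# First line of `xz --version` carries the tool version: "xz (XZ Utils) 5.6.1".
parse_xz_version() {
    printf '%s\n' "$1" | sed -n '1s/^xz (XZ Utils) \([0-9][0-9.]*\).*/\1/p'
}

# Second line carries the library version: "liblzma 5.6.1". This is the one
# that matters, because the malicious code ships inside liblzma.
parse_liblzma_version() {
    printf '%s\n' "$1" | sed -n 's/^liblzma \([0-9][0-9.]*\).*/\1/p'
}

# True (exit 0) only for the two releases named in CVE-2024-3094.
version_is_backdoored() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *)           return 1 ;;
    esac
}

# True when `ldd` output for sshd lists liblzma: a backdoored library can only
# reach the SSH daemon if sshd loads it (directly or via libsystemd).
sshd_links_liblzma() {
    printf '%s\n' "$1" | grep -q 'liblzma\.so'
}

# Report on the current host. Always returns 0 so it is safe under `set -e`;
# the verdict is in the printed lines.
check_host() {
    if ! command -v xz >/dev/null 2>&1; then
        echo "xz not installed: nothing to check"
        return 0
    fi
    local out lib
    out=$(xz --version 2>/dev/null || true)
    lib=$(parse_liblzma_version "$out")
    if version_is_backdoored "$lib"; then
        echo "VULNERABLE: liblzma $lib is a backdoored release (CVE-2024-3094)"
    else
        echo "ok: liblzma ${lib:-unknown} is not 5.6.0/5.6.1"
    fi
    local sshd
    sshd=$(command -v sshd || true)
    if [ -n "$sshd" ] && command -v ldd >/dev/null 2>&1; then
        if sshd_links_liblzma "$(ldd "$sshd" 2>/dev/null || true)"; then
            echo "note: $sshd links liblzma, so a backdoored library would be loaded by the SSH daemon"
        else
            echo "note: $sshd does not link liblzma"
        fi
    fi
    return 0
}

check_host
```

A clean result from this script means the installed library is not one of the two named releases; it does not verify package integrity, so the inventory report (or your package manager's signature checks) remains the authoritative source for which hosts still need the fixed package.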