Categories: Technology

The backdoor sows panic in the Linux community

A big panic in the Linux community. The backdoor will actually be added to many popular Linux distributions. The worst was narrowly averted, but questions remain about the author of this backdoor that has operated in secret for years.

Last Friday, a Microsoft software engineer, Andreas Freund discovered the presence of the backdoor in XZ Utils, a free software toolkit for compressing and decompressing XZ format files. This set of software is widely used in Linux and Unix operating systems.

An intrusion narrowly avoided

Andreas Freund discovered this backdoor after benchmarking the Debian distribution. During testing, the engineer determined that XZ Utils used a lot of CPU resources related to SSH processes, a network protocol used to communicate securely (typically, for remote access to servers).

After this discovery, publishers Red Hat and Debian published an alert to warn the general public about this threat (CVE-2024-3094). Fortunately, we avoided the worst: the malicious component of XZ Utils was not integrated into the stable versions of Red Hat Linux and Debian.

However, backdoors have found their way into beta or experimental Linux distributions (Fedora Rawhide, Red Hat Fedora 40 beta, etc.). Affected users are strongly recommended to roll back to previous OS versions. A backdoor gives hackers full power to execute code on an infected computer.

This advice was reiterated by the US Cyber ​​Security and Infrastructure Security Agency (CISA). Needless to say, it is very serious.

Backdoor integration into its credibility in the community. It was in February that he installed the famous backdoor in versions 5.6.0 and 5.6.1 of XZ Utils. The hacker then forced Ubuntu, Red Hat and Debian to integrate the compromised version into their distributions.

Little is known about Jia Tan, who also worked on other important Linux components. Regardless, the Linux community was very scared, and this story may well push them to strengthen security around the development of the OS.

🔴 To not miss any news from 01net, follow us on Google News and WhatsApp.

Opera One – AI powered web browser

By: Opera

Source:

ArsTechnica

Source link

Admin

Share
Published by
Admin

Recent Posts

100 million degrees for 48 seconds: South Korea’s ‘artificial sun’ moves closer to nuclear revolution

This is a new record that scientists from the Korea Fusion Energy Institute (KFE) have…

8 months ago

The report offers solutions for insurers facing future growth in natural disasters

Damages associated with drought, floods, hail and other increasingly violent events are expected to increase…

8 months ago

You still have time to claim this exciting investigation

An estimated 9 million people in the United States are still waiting for their final…

8 months ago

IDF recognizes “serious mistake” in killing seven members of NGO World Central Kitchen

The death of seven humanitarian workers from the American NGO World Central Kitchen in an…

8 months ago

Fortnite Shop Apr 3, 2024 – Fortnite

Today, at one o'clock in the morning, Gamer updates it Boutique de Fortnite Through the…

8 months ago

Sharon Stone tried to make a Barbie movie in the 1990s

The Basic Instinct and Casino actress looks back at a time in Hollywood when adapting…

8 months ago