On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that gives developers lossless compression. This package is commonly used for compressing release tarballs, software packages, kernel images, and initramfs images. It is very widely distributed, statistically your average Linux or macOS system will have it installed for
bjnews
bjnews
/ xz-backdoor.md
Created
March 31, 2024 11:55
— forked from thesamesam/xz-backdoor.md
xz-utils backdoor situation
thesamesam
/ xz-backdoor.md
Last active
April 7, 2025 09:15
xz-utils backdoor situation (CVE-2024-3094)
This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.
Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.