Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Critical Vulnerability in XZ Utils

1 April 2024

Security researchers have disclosed a critical vulnerability (CVE-2024-3094) in XZ Utils used in Linux distributions. The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 10 out of 10.

Successful exploitation of the vulnerability could allow an unauthorised attacker to bypass sshd authentication and gain remote access to the entire system.

The critical vulnerability affects XZ versions 5.6.0 and 5.6.1.

Users and administrators of Linux distributions are advised to verify if their systems are using affected XZ versions by inputting xz --version in the command line . If their systems are using an affected version, users and administrators are advised to downgrade to XZ versions 5.4.x or disable SSH services immediately, and review their systems for any malicious or suspicious activity. 

More information is available here:

https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users

https://www.bleepingcomputer.com/news/security/red-hat-warns-of-backdoor-in-xz-tools-used-by-most-linux-distros/#google_vignette

https://nvd.nist.gov/vuln/detail/CVE-2024-3094

Back to top