Lansweeper
Vulnerability
Contents
XZ Utils Used in Most Linux Distros Compromised
02/04/2024
By Esben Dochy
TL;DR | Go Straight to the XZ CVE-2024-3094 Vulnerability Audit Report
On March 29th, Red Hat released a security advisory detailing CVE-2024-3094. “PLEASE IMMEDIATELY STOP USAGE OF ANY FEDORA RAWHIDE INSTANCES” said Red Hat as it rushed to prevent people from using any of their distros that contained a compromized version of XZ Utils.
CVE-2024-3094
Red Hat learned on March 29th that XZ Utils and libraries contain malicious code that appears to be intended to allow unauthorized access. Specifically, this code is present in versions 5.6.0 and 5.6.1 of the libraries.
Red Hat specifically mentions that Fedora 40 and Fedora Rawhide users could be impacted, but in theory, any distro that has updated to version 5.6.0 or 5.6.1 is vulnerable as the vulnerability is present in the XZ Utils.
One important addition is that “The malicious injection present in the XZ versions 5.6.0 and 5.6.1 libraries is obfuscated and only included in full in the download package” says Red Hat. Meaning the Git distribution is deemed safe.
What is XZ?
XZ is a versatile data compression format widely integrated across virtually all Linux distributions, spanning community-driven initiatives and commercial product offerings alike. In essence, it serves to condense and subsequently expand large file formats into more compact sizes, facilitating smoother file transfers and management.
Discover Vulnerable XZ Installs
We have added an updated audit report to your Lansweeper installations to help you locate any vulnerable instances of XZ in your network. This report will give you an actionable list of installations that haven’t been updated to the fixed version yet. You can get the report via the link below.
Run the XZ CVE-2024-3094 Vulnerability Audit
Receive the latest vulnerability audit reports
Sign up for free.
var gform;gform||(document.addEventListener(“gform_main_scripts_loaded”,function()null!=t&&t!=o.priority)),window.addEventListener(“DOMContentLoaded”,function()),gform={domLoaded:!1,scriptsLoaded:!1,initializeOnLoaded:function(o)null!=t&&t!=o.priority),hooks:{action:,filter:{}},addAction:function(o,n,r,t){gform.addHook(“action”,o,n,r,t)},addFilter:function(o,n,r,t){gform.addHook(“filter”,o,n,r,t)},doAction:function(o){gform.doHook(“action”,o,arguments)},applyFilters:function(o){return gform.doHook(“filter”,o,arguments)},removeAction:function(o,n){gform.removeHook(“action”,o,n)},removeFilter:function(o,n,r){gform.removeHook(“filter”,o,n,r)},addHook:function(o,n,r,t,i){null==gform.hooks[o][n]&&(gform.hooks[o][n]=[]);var e=gform.hooks[o][n];null==i&&(i=n+”_”+e.length),gform.hooks[o][n].push({tag:i,callable:r,priority:t=null==t?10:t})},doHook:function(n,o,r){var t;if(r=Array.prototype.slice.call(r,1),null!=gform.hooks[n][o]&&((o=gform.hooks[n][o]).sort(function(o,n){return o.priority-n.priority}),o.forEach(function(o){“function”!=typeof(t=o.callable)&&(t=window[t]),”action”==n?t.apply(null,r):r[0]=t.apply(null,r)})),”filter”==n)return r[0]},removeHook:function(o,n,t,i){var r;null!=gform.hooks[o][n]&&(r=(r=gform.hooks[o][n]).filter(function(o,n,r){return!!(null!=i&&i!=o.tag||null!=t&&t!=o.priority)}),gform.hooks[o][n]=r)}});
"*" indicates required fields
Email*
HiddenEmailType HiddenIM – Conv Page – Processing HiddenIM – UTM_Campaign FC – Processing HiddenIM – UTM_Campaign LC – Processing HiddenIM – UTM_Content FC – Processing HiddenIM – UTM_Content LC – Processing HiddenIM – UTM_Medium FC – Processing HiddenIM – UTM_Medium LC – Processing HiddenIM – UTM_Source FC – Processing HiddenIM – UTM_Source LC – Processing HiddenIM – UTM_Term FC – Processing HiddenIM – UTM_Term LC – Processing Hiddengclid Hiddenmsclkid NameThis field is for validation purposes and should be left unchanged.
gform.initializeOnLoaded( function() {gformInitSpinner( 38, ‘ true );jQuery(‘#gform_ajax_frame_38’).on(‘load’,function(){var contents = jQuery(this).contents().find(‘*’).html();var is_postback = contents.indexOf(‘GF_AJAX_POSTBACK’) >= 0;if(!is_postback){return;}var form_content = jQuery(this).contents().find(‘#gform_wrapper_38’);var is_confirmation = jQuery(this).contents().find(‘#gform_confirmation_wrapper_38’).length > 0;var is_redirect = contents.indexOf(‘gformRedirect(){‘) >= 0;var is_form = form_content.length > 0 && ! is_redirect && ! is_confirmation;var mt = parseInt(jQuery(‘html’).css(‘margin-top’), 10) + parseInt(jQuery(‘body’).css(‘margin-top’), 10) + 100;if(is_form){jQuery(‘#gform_wrapper_38’).html(form_content.html());if(form_content.hasClass(‘gform_validation_error’)){jQuery(‘#gform_wrapper_38’).addClass(‘gform_validation_error’);} else {jQuery(‘#gform_wrapper_38’).removeClass(‘gform_validation_error’);}setTimeout( function() { /* delay the scroll by 50 milliseconds to fix a bug in chrome */ jQuery(document).scrollTop(jQuery(‘#gform_wrapper_38’).offset().top – mt); }, 50 );if(window[‘gformInitDatepicker’]) {gformInitDatepicker();}if(window[‘gformInitPriceFields’]) {gformInitPriceFields();}var current_page = jQuery(‘#gform_source_page_number_38’).val();gformInitSpinner( 38, ‘ true );jQuery(document).trigger(‘gform_page_loaded’, [38, current_page]);window[‘gf_submitting_38’] = false;}else if(!is_redirect){var confirmation_content = jQuery(this).contents().find(‘.GF_AJAX_POSTBACK’).html();if(!confirmation_content){confirmation_content = contents;}setTimeout(function(){jQuery(‘#gform_wrapper_38’).replaceWith(confirmation_content);jQuery(document).scrollTop(jQuery(‘#gf_38’).offset().top – mt);jQuery(document).trigger(‘gform_confirmation_loaded’, [38]);window[‘gf_submitting_38’] = false;wp.a11y.speak(jQuery(‘#gform_confirmation_message_38’).text());}, 50);}else{jQuery(‘#gform_38’).append(contents);if(window[‘gformRedirect’]) {gformRedirect();}}jQuery(document).trigger(“gform_pre_post_render”, [{ formId: “38”, currentPage: “current_page”, abort: function() { this.preventDefault(); } }]); if (event.defaultPrevented) { return; } const gformWrapperDiv = document.getElementById( “gform_wrapper_38” ); if ( gformWrapperDiv ) { const visibilitySpan = document.createElement( “span” ); visibilitySpan.id = “gform_visibility_test_38”; gformWrapperDiv.insertAdjacentElement( “afterend”, visibilitySpan ); } const visibilityTestDiv = document.getElementById( “gform_visibility_test_38” ); let postRenderFired = false; function triggerPostRender() { if ( postRenderFired ) { return; } postRenderFired = true; jQuery( document ).trigger( ‘gform_post_render’, [38, current_page] ); gform.utils.trigger( { event: ‘gform/postRender’, native: false, data: { formId: 38, currentPage: current_page } } ); if ( visibilityTestDiv ) { visibilityTestDiv.parentNode.removeChild( visibilityTestDiv ); } } function debounce( func, wait, immediate ) { var timeout; return function() { var context = this, args = arguments; var later = function() { timeout = null; if ( !immediate ) func.apply( context, args ); }; var callNow = immediate && !timeout; clearTimeout( timeout ); timeout = setTimeout( later, wait ); if ( callNow ) func.apply( context, args ); }; } const debouncedTriggerPostRender = debounce( function() { triggerPostRender(); }, 200 ); if ( visibilityTestDiv && visibilityTestDiv.offsetParent === null ) { const observer = new MutationObserver( ( mutations ) => { mutations.forEach( ( mutation ) => { if ( mutation.type === ‘attributes’ && visibilityTestDiv.offsetParent !== null ) { debouncedTriggerPostRender(); observer.disconnect(); } }); }); observer.observe( document.body, { attributes: true, childList: false, subtree: true, attributeFilter: [ ‘style’, ‘class’ ], }); } else { triggerPostRender(); } } );} );
NO CREDIT CARD REQUIRED
Ready to get started?
You’ll be up and running in no time.
Explore all our features, free for 14 days.
TRY NOW
TALK TO SALES