漏洞CVE编号：CVE-2024-3094 ( XZ Utils 库中发现秘密后门) 相关问题

漏洞编号

CVE-2024-3094

漏洞类型

恶意后门植入漏洞

漏洞等级

紧急(CVSSv3分数为10.0)

受影响的版本

XZ Utils 版本 5.6.0 和 5.6.1 受到影响。

缓解方式

对受影响的版本进行降级处理，通过运行命令“xz -V”或“xz –version”来检查已安装的版本

受影响的Linux操作系统类型

• Fedora Rawhide
• https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
• Fedora Rawhide 是 Fedora Linux 的开发发行版

---

• Fedora 41
• https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users

---

• Debian testing, unstable and experimental distributions versions 5.5.1alpha-0.1 to 5.6.1-1.
• https://lists.debian.org/debian-security-announce/2024/msg00057.html

---

• openSUSE Tumbleweed and openSUSE MicroOS
• https://news.opensuse.org/2024/03/29/xz-backdoor/

---

• Kali Linux
• https://www.kali.org/blog/about-the-xz-backdoor/

---

不受影响的Linux操作系统类型

• Fedora Linux 40
• https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users

---

• Red Hat Enterprise Linux (RHEL)
• https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users

---

• Debian
• https://lists.debian.org/debian-security-announce/2024/msg00057.html

---

• Amazon Linux
• https://aws.amazon.com/security/security-bulletins/AWS-2024-002/

---

• SUSE Linux Enterprise and Leap
• https://news.opensuse.org/2024/03/29/xz-backdoor/

---

参考：https://www.openwall.com/lists/oss-security/2024/03/29/4