| title | url | markmap | ||||
|---|---|---|---|---|---|---|
apocalypxze: xz backdoor (2024) AKA CVE-2024-3094 related links |
|
- XZ Utils 5.6.0
- XZ Utils 5.6.1
- Jia Tan (github.com/JiaT75)
- infamy! managed to became co-maintainer of XZ-Utils by helping Lasse first, and eventually implanting sophisticated backdoor.
- jiat0218@gmail.com
- high likely there are more
- Lasse Collin (github.com/Larhzu)
- please stay strong! any software maintainer could be such a victim. everyone, please show him support and empathy.
- The Tukaani Project
- repo: XZ Utils (backdoor has been removed on 2024-04-09)
- github: XZ Utils (repository has been reactivated on 2024-04-09)
- page: XZ Utils backdoor
- page: XZ Utils review notes
- page: Contact information
- mail: [tech-board] [PATCH 00/11] xz: Updates to license, filters, and compression options at linux-kernel ML (2024-03-30)
- by Andres Freund (@AndresFreundTec)
- props & kudos! everyone, please give him a beer/coffee/drink/tea if you ever meet him!
- mail: backdoor in upstream xz/liblzma leading to ssh server compromise at oss-security ML (info) (2024-03-29)
- toot: I accidentally found a security issue while benchmarking postgres changes. (2024-03-29)
- tweet: FWIW, I didn't actually start looking due to the 500ms - I started looking when I saw failing ssh logins (2024-03-30)
- by Russ Allbery (github.com/rra)
- "The reality that we are struggling with is that the free software infrastructure on which much of computing runs is massively and painfully underfunded by society as a whole, and is almost entirely dependent on random people maintaining things in their free time because they find it fun, many of whom are close to burnout. This is, in many ways, the true root cause of this entire event." (quote from debian-devel ML) (2024-03-29)
- page: Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094 at CISA (2024-03-29)
- page: CVE-2024-3094 at CVE.org (2024-03-29+)
- page: CVE-2024-3094 at NVD.NIST (2024-03-29+)
- page: CVE-2024-3094 at Red Hat Customer Portal (2024-03-29+)
- page: CVE-2024-3094 at Alpine Linux Security Issue Tracker (2024-03-29)
- page: CVE-2024-3094 at Debian Security Bug Tracker (2024-03-29+)
- page: CVE-2024-3094 at Ubuntu Security (2024-03-30)
- page: CVE-2024-3094 at Arch Linux Security Tracker (2024-03-29)
- page: CVE-2024-3094 at SUSE Security Tracker (2024-03-28+)
- Debian
- bug: 1068024
revert to version that does not contain changes by bad actor(2024-03-29)
- bug: 1068024
- Gentoo
- bug: 928134
(CVE-2024-3094) - >=app-arch/xz-utils-5.6.0: backdoor in release tarballs(2024-03-29)
- bug: 928134
- Red Hat
- bug: 2272210
(CVE-2024-3094) - CVE-2024-3094 xz: malicious code in distributed source(2024-03-29)
- bug: 2272210
- SUSE
- bug: 1222124
(CVE-2024-3094) - VUL-0: CVE-2024-3094: xz: backdoored 5.6.0,5.6.1 version(2024-03-28)
- bug: 1222124
- Ubuntu
- bugs: CVE-2024-3094 in Launchpad CVE tracker (2024-03-29+)
- Fedora
- post: Urgent security alert for Fedora Linux 40 and Fedora Rawhide users (2024-03-29+)
- Debian
- mail: [SECURITY] [DSA 5649-1] xz-utils security update (2024-03-29)
- openSUSE
- post: openSUSE addresses supply chain attack against xz compression library (2024-03-29)
- Gentoo
- page: XZ utils: Backdoor in release tarballs (GLSA 202403-04) (2024-03-29)
- Kali Linux
- post: All about the xz-utils backdoor (2024-03-29)
- Arch Linux
- post: The xz package has been backdoored (2024-03-29)
- page: [ASA-202403-1] xz: arbitrary code execution (2024-03-29)
- Alpine Linux
- post: Backdoor found in xz package source (2024-03-31)
- Amazon Linux
- post: CVE-2024-3094 (2024-03-29)
- NixOS
- post: CVE-2024-3094: Malicious code in xz 5.6.0 and 5.6.1 tarballs (2024-03-29+)
- FreeBSD
- mail: Disclosed backdoor in xz releases - FreeBSD not affected (2024-03-29)
- NetBSD
- post: Statement on backdoor in xz library (2024-03-30)
- GitHub
- CERT-EU
- post: Critical Vulnerability in XZ Utils (2023-03-29+)
- by Merav Bar, Amitai Cohen (@AmitaiCo), Danielle Aminov (@danielleaminov)
- post: Backdoor in XZ Utils allows RCE: everything you need to know (2024-03-29++)
- by nugxperience (@nugxperience)
- by alden (@birchb0y)
- by Gynvael Coldwind (@gynvael)
- post: xz/liblzma: Bash-stage Obfuscation Explained (2024-03-30)
- toot: Some notes from analyzing the bash part obfuscation of the xz/liblzma part (2024-03-30)
- by Serge Bazanski (@q3k)
- gist: liblzma backdoor strings extracted from 5.6.1 (from a built-in trie) (2024-03-30)
- toot: List of encoded strings within the liblzma/xz backdoor payload (5.6.1) (2024-03-30)
- by Stefano Moioli (github.com/smx-smx)
- gist: [WIP] XZ Backdoor Analysis and symbol mapping (2024-03-30+)
- github: xzre - Reverse engineering of the XZ backdoor (2024-04-02+)
- page: xzre Documentation generated by Doxygen (2024-04-04+)
- by Rhea Karty and Simon Henniger
- post: XZ Backdoor: Times, damned times, and scams (2024-03-30)
- by Connor Tumbleson (@iBotPeaches)
- post: Watching xz unfold from afar (2024-03-30+)
- by Jonathan Schleifer (@js)
- wiki: xz-backdoor-documentation (2024-03-30+)
- toot: I started a writeup of what I found so far about the #xz backdoor (2024-03-30)
- by Michael Karcher (github.com/karcherm)
- by Anthony Weems (@amlw)
- by Peter Geissler (@blasty)
- tweet: the xz sshd backdoor rabbithole goes quite a bit deeper. (2024-04-06)
- thread: the xz sshd backdoor rabbithole goes quite a bit deeper. (2024-04-06)
- github: Jia Tan's SSH Agent - Simple SSH Agent that implements some of the XZ sshd backdoor functionality. (2024-04-08)
- by Kaspersky (@kaspersky)
- post: XZ backdoor story – Initial analysis (2024-04-12)
- tweet: Our experts analyzed the malicious #XZbackdoor, which almost infected multiple #Linux distributions. (2024-04-12)
- by Binarly (@binarly_io)
- page: liblzma.so infection (2024-04-12)
- tweet: We’ve completed an in-depth analysis of the #XZbackdoor, from initialization to the main hook enabling remote access. (2024-04-12)
- by Sam James (@thesamesam)
- gist: FAQ on the xz-utils backdoor (CVE-2024-3094) (2024-03-29+)
- toot: Since the #xz incident started, I've been maintaining an FAQ/living document on what we know (2024-04-01)
- by Evan Boehs (@eb)
- post: Everything I Know About the XZ Backdoor (2024-03-29+)
- toot: I have begun a post explaining this situation in a more detailed writeup. (2024-03-29)
- by Russ Cox (@rsc)
- post: Timeline of the xz open source attack (2024-04-01+)
- toot: I put together a timeline of the xz attack, dating back to 2021. (2024-04-02)
- post: The xz attack shell script (2024-04-02)
- toot: A walkthrough of the xz attack shell script. (2024-04-02)
- by Filippo Valsorda (@filippo)
- by Dan Goodin (@dangoodin)
- post: What we know about the xz Utils backdoor that almost infected the world (2024-04-01)
- by Daroc Alden (@setupminimal)
- post: How the XZ backdoor works (2024-04-02+)
- by Low Level Learning (@LowLevelTweets)
- video: revealing the features of the XZ backdoor based on xzbot (2024-04-03)
- by Christian Weisgerber (naddy)
- mail: lcamtuf on the recent xz debacle (2024-04-05)
- by Danielle Aminov (@danielleaminov)
- image: liblzma_flow_w_logo-1.png used in Wiz post (2024-03-31)
- toot: I've been looking into how the xz backdoor works and drew this sketch to make it easier to understand. (2024-04-02)
- by Thomas Roccia (@fr0gger)
- toot: I tried to make sense of the analysis in a single page (which was quite complicated)! Part 1 w/ LQ img (2024-03-31)
- tweet: I tried to make sense of the analysis in a single page (which was quite complicated)! Part 1 w/ HQ img (2024-03-31)
- toot: I tried to make sense of the backdoor mechanism this time and summarized it in a one-page overview. Part 2 w/ LQ img (2024-04-04)
- tweet: I tried to make sense of the backdoor mechanism this time and summarized it in a one-page overview. Part 2 w/ HQ img (2024-04-04)
- by ACE Responder (@ACEResponder)
- tweet: How the #XZUtils SSHD backdoor works. animation based on xzbot (2024-04-07)
- by Vegard Nossum (@vegard)
- file: detect.sh (warning: uses ldd which is unsafe unless you trust its target) (2024-03-29)
- toot: Upstream backdoor discovered in xz-utils/liblzma (2024-03-29)
- by Binarly (@binarly_io)
- page: xz.fail - Binarly XZ backdoor detector (2024-04-01)
- post: XZ Utils Supply Chain Puzzle: Binarly Ships Free Scanner for CVE-2024-3094 Backdoor (2024-04-01)
- by Hank Leininger (github.com/hlein)
- github: distro-backdoor-scanner - tools to scan OS distributions for backdoor indicators (2024-04-01+)
-
by Jonathan Corbet (@corbet)
- toot: Random, unordered, probably useless thoughts on today's apocalypxze... (2024-03-29)
- post: Free software's not-so-eXZellent adventure (2024-04-02)
-
by Michał Zelewski (@lcamtuf)
- post: Techies vs spies: the xz backdoor debate (2024-03-30)
- toot: OK, so here's my slightly more eloquent take on the xz thing, complete with a zinger closing paragraph (2024-03-30)
- post: OSS backdoors: the folly of the easy fix (2024-03-31)
- toot: The maintainers of libcolorpicker.so can’t be the only thing that stands between your critical infrastructure and Russian or Chinese intelligence services (2024-03-31)
-
by Rob Mensching (@robmen)
- tweet: Lots of analysis of the xz/liblzma vulnerability. Most skip over the first step of the attack (2024-03-30)
- post: A Microcosm of the interactions in Open Source projects (2024-03-30)
- post: What could be done to support Open Source maintainers? (2024-03-31)
-
by Devon Eriksen (@Devon_Eriksen_)
-
by Dominik Czarnota (@disconnect3d_pl)
-
by Josh Bressers (@joshbressers), Kurt Seifried (@kurtseifried)
- podcast: Open Source Security - XZ Bonus Spectacular Episode (2024-04-01)
-
by Brian Krebs (@briankrebs)
-
by Ariadne Conill (@ariadne)
- post: The XZ Utils backdoor is a symptom of a larger problem (2024-04-02)
- toot: The XZ Utils backdoor is a symptom of a larger problem (2024-04-02)
-
by Rachel Kroll
- post: autoconf makes me think we stopped evolving too soon (2024-04-02)
-
by Patrick Gray (@riskybusiness), Adam Boileau (@metlstorm)
- podcast: Risky Business #743 - A chat about the xz backdoor with the guy who found it w/ special guest: Andres Freund (2024-04-03)
-
by Peter Geissler (@blasty)
-
by Alex Matrosov (@matrosov)
- I'm not sure if someone noticed, but @HexRaysSA IDA shows a warning on the ifunc implantation technique used by #xzbackdoor (2024-04-06)
- Our xz.fail scanner detects generically ifunc implantation #xzbackdoor technique on any ELF file and could spot other projects implanted by the same technique (2024-04-06)
-
by Valentina Palmiotti (@chompie1337)
- tweet: A lot of tradecraft being burned here. (2024-04-07)
-
by Adam Leventhal (@ahl), Bryan Cantrill (@bcantrill)
- toot: What an Oxide and Friends last night! @bcantrill and I were joined by the one and only @AndresFreundTec to talk about his discovery of the xz backdoor. (2024-04-09)
- podcast: Oxide and Friends - Discovering the XZ Backdoor with Andres Freund w/ special guest: Andres Freund (2024-04-10)
-
by Dirk Mueller / openSUSE Linux (@opensuse)
- toot: Dive into what happened with the #XZ #backdoor. (2024-04-12)
- post: What we need to take away from the XZ Backdoor (2024-04-12)
-
by Jack Cable (@jackhcable)
- post: Lessons from XZ Utils: Achieving a More Sustainable Open Source Ecosystem (2024-04-12)
-
collected by Michael Tsai (@mjtsai)
- post: xz Backdoor (2024-04-01+)
-
by LWN.net community
- post: A backdoor in xz (2024-03-29)
-
by Lobsters community
- post: backdoor in upstream xz/liblzma leading to ssh server compromise (2024-03-29)
-
by Hacker News community
- post: Backdoor in upstream xz/liblzma leading to SSH server compromise (2024-03-29)
- post: Xz: Can you spot the single character that disabled Linux landlock? (2024-03-30)
- post: Xzbot: Notes, honeypot, and exploit demo for the xz backdoor (2024-04-01)
-
by reddit r/linux community
- post: backdoor in upstream xz/liblzma leading to ssh server compromise (2024-03-29)