A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site
Home / security-advisories / Critical remote code execution vulnerability in XZ Library (CVE-2024-3094)

Critical remote code execution vulnerability in XZ Library (CVE-2024-3094)

Advisory No: TZCERT/SA/2024/04/02

Date of First Release: 2nd April 2024

Source: Arch Linux, Red Hat

Software Affected: XZ Library versions 5.6.0 and 5.6.1

Overview:

Arch Linux and Red Hat have released security patches to address a critical vulnerability affecting the xz library. The vulnerability could allow an attacker to execute arbitrary code.

Description:

Xz is a general-purpose data compression format present in nearly every Linux distribution. This library is affected by a critical vulnerability tracked as CVE-2024-3094. The vulnerability is the result of the absence of M4 macro files that contain the instructions for building with automakes in the tarballs. This issue results in additional software modification thus leading to arbitrary code execution.

Impact:

Successful exploitation of this vulnerability may allow the attacker to take control of the affected system.

Solution:

Multiple Operating System vendors have released patches for this vulnerability. Users and administrators are encouraged to apply necessary updates.

References:

  1. https://security.archlinux.org/ASA-202403-1
  2. https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users

Check Also

Remote Code Execution Vulnerabilities in SolarWinds Access Rights Manager (ARM) (CVE-2024-23469, CVE-2024-23467, CVE-2024-23471)

Advisory No: TZCERT/SA/2024/07/19-3 Date of First Release: 19th July 2024 Source: SolarWinds Software Affected: SolarWinds …