Red Hat has issued an urgent security warning about malicious code found in newer versions of the "xz" compression libraries and tools.

This highly sophisticated supply chain compromise, tracked as CVE-2024-3094, could let attackers bypass authentication and gain unauthorized remote access to affected Linux systems. Almost every commercial and community Linux distribution ships the xz utility, a basic data compression tool that is mostly used to make large files smaller so they can be transferred more easily. Red Hat has said that this vulnerability does not affect any version of Red Hat Enterprise Linux (RHEL).

In the Red Hat ecosystem, the affected packages are only found in Fedora Rawhide and the Fedora Linux 40 beta.

This threat is also affecting other community distributions besides Red Hat. The code that was injected worked in Debian unstable (Sid) and a number of openSUSE distributions. System administrators need to act right away to protect their systems.

The malicious code is not readily visible in the main Git repository. Instead, it is introduced by a hard-to-read M4 macro that is present only in the full distribution download package. During the software build process, this hidden macro compiles second-stage artifacts that change how the library works. Once the compromised build is installed on a system, it interferes directly with authentication in sshd through systemd.

This interference lets bad actors get around authentication checks, which gives them full, unauthorized remote access to the machine.
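The point above, that the macro ships only in the distribution download package and not in the Git repository, suggests a check defenders can run on any release: hash every file in the release tarball and compare it with a checkout of the matching tag. The following is an added example, not code from Red Hat or the xz project; the package name `pkg-1.0`, the file names and all sample contents are constructed, and the function names are hypothetical.

```python
import io, os, tarfile
from hashlib import sha256

BUILD_INPUT_SUFFIXES = (".m4", ".ac", ".am", ".in", ".sh")  # files that steer the build

def tarball_digests(tar_bytes):
    """Path -> SHA-256 for each regular file, top-level directory stripped."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        for m in filter(tarfile.TarInfo.isfile, tf.getmembers()):
            rel = m.name.split("/", 1)[-1]
            digests[rel] = sha256(tf.extractfile(m).read()).hexdigest()
    return digests

def checkout_digests(root):
    """Path -> SHA-256 for each file in a checkout of the release tag (skips .git)."""
    digests = {}
    for base, dirs, files in os.walk(root):
        dirs[:] = [d for d in dirs if d != ".git"]
        for full in (os.path.join(base, n) for n in files):
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = sha256(fh.read()).hexdigest()
    return digests

def tarball_drift(tar_digests, repo_digests):
    """Files the tarball adds or changes relative to the repo, build inputs first."""
    drift = [(p, "only in tarball" if p not in repo_digests else "differs from repo")
             for p, h in tar_digests.items() if repo_digests.get(p) != h]
    return sorted(drift, key=lambda d: (not d[0].endswith(BUILD_INPUT_SUFFIXES), d[0]))

def constructed_tarball(files):
    """Build an in-memory .tar.gz from {path: bytes}; sample data only."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for path, data in files.items():
            info = tarfile.TarInfo("pkg-1.0/" + path)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed sample: a repository tree and a release tarball that drifts from it.
REPO = {"README": b"docs\n", "src/main.c": b"int main(void){return 0;}\n",
        "m4/check.m4": b"AC_DEFUN([CHECK], [])\n"}
REPO_DIGESTS = {p: sha256(d).hexdigest() for p, d in REPO.items()}
TARBALL = constructed_tarball({**REPO, "m4/check.m4": b"AC_DEFUN([CHECK], [extra])\n",
                               "m4/added.m4": b"AC_DEFUN([ADDED], [])\n", "ChangeLog": b"gen\n"})

if __name__ == "__main__":
    for path, why in tarball_drift(tarball_digests(TARBALL), REPO_DIGESTS):
        print(f"{why:18} {path}")
```

Release tarballs built with autotools legitimately contain generated files that are absent from Git, so the output is a review list, with build-time inputs such as `.m4` files sorted first, not a verdict.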

An emergency update has been released for Fedora Linux 40 beta users that forces a downgrade to build 5.4.x.