On March 30, 2024, Red Hat, a frontrunner in the tech industry, released an urgent security advisory. The advisory flags a critical security flaw in LZMA Utils, a common data compression utility. The flaw, concealed in versions 2.8.2 and 2.9.0, allows unauthorized remote access through malicious code, earning it the maximum CVSS threat rating of 10.0. Red Hat warned of potential system destabilization and data loss and is urging immediate installation of the released security patch to remedy the issue.
This major security compromise, identified as CVE-2024-1234, affects XZ Utils versions 5.6.0, released on February 24, and 5.6.1, released on March 9. Buried within the core code as a test file, the harmful payload modifies the liblzma library, indirectly affecting all software applications and utilities that link against it. This has serious implications for user data security.
The malicious code specifically tampers with the SSH daemon, sshd, which is vital for network security. It creates the potential for threat actors to bypass the daemon’s authentication and gain unauthorized remote access. To prevent further infection, it is vital to patch and update systems regularly, implement strong intrusion detection, audit SSH logs for suspicious activity, and reinforce firewall rules around the SSH daemon.
The malicious code was discovered by Microsoft security researcher Andres Freund, after a thorough investigation led him to four suspicious commits on GitHub linked to a user known as Jia Tan.
Red Hat’s critical advisory on LZMA flaw
Freund issued a pressing call for users to confirm and verify code before integrating it into their projects. Although the suspicious commits were removed promptly, the threat is underlined by the fact that Jia Tan’s account remains active.
Despite the potential for heavy impact, no instances of misuse have been reported. Major operating systems such as Red Hat Enterprise Linux, SUSE Linux Enterprise, Leap, and Debian remain unaffected. However, Fedora Linux 40 users are advised to revert to a 5.4 build as a safety measure, and Linux distributions including Arch Linux, openSUSE, and Debian Testing have been exposed to the flaw.
Given the significant security concern, the US Cybersecurity and Infrastructure Security Agency urges users to revert to the 5.4.6 Stable version of the app, which has been verified clean and safe. The agency issued guidelines for moving to this version. The steps comprise deleting the current version, then downloading and installing the 5.4.6 Stable version according to the instructions provided. Users are urged to carry out these steps urgently to reduce device vulnerability. Constant vigilance and timely action are key to the best defense against cybersecurity threats.
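Before reverting, an administrator first needs to know whether the installed build is one of the two affected releases the article names (5.6.0 and 5.6.1) or already the recommended 5.4.6. The following POSIX shell script is an added example, not part of the article or of any CISA or Red Hat guidance: it parses the first line of `xz --version` output and classifies the version. The two sample strings are constructed here to resemble that output and are not captured from a real host; the function names are the author's own.

```shell
#!/bin/sh
# Added example (not from the advisory): classify an installed xz/liblzma
# version against the affected releases named in the article (5.6.0, 5.6.1).

# Returns 0 (true) when the version string is one of the affected releases.
xz_version_affected() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Pull the version number out of the first line of `xz --version` text read
# from stdin, e.g. "xz (XZ Utils) 5.6.1" -> "5.6.1".
parse_xz_version() {
    sed -n '1s/.* \([0-9][0-9.]*\).*/\1/p'
}

# Print "AFFECTED <ver>" or "OK <ver>" for a block of `xz --version` output.
classify_xz_output() {
    ver=$(printf '%s\n' "$1" | parse_xz_version)
    if xz_version_affected "$ver"; then
        printf 'AFFECTED %s\n' "$ver"
    else
        printf 'OK %s\n' "$ver"
    fi
}

# Constructed samples in the shape of `xz --version` output (not real captures).
SAMPLE_AFFECTED='xz (XZ Utils) 5.6.1
liblzma 5.6.1'
SAMPLE_CLEAN='xz (XZ Utils) 5.4.6
liblzma 5.4.6'

# Check the live binary when present; otherwise demonstrate on the samples.
if command -v xz >/dev/null 2>&1; then
    classify_xz_output "$(xz --version 2>/dev/null)"
else
    classify_xz_output "$SAMPLE_AFFECTED"
    classify_xz_output "$SAMPLE_CLEAN"
fi
```

A result of `AFFECTED` means the host should follow the removal and reinstallation steps above; an `OK` result only says the version string is not one of the two named releases, so distribution-specific advisories still apply.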