What's new

Entware Backdoor in linux XZ utils on Linux distros.

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Not open for further replies.


Very Senior Member

Whomp whomp 😑

*Doesn't appear to be incorporated into Asuswrt-Merlin. 5.4.6-1 xz is a entware however “Some malicious code was added to XZ 5.6.0/5.6.1 that could allow unauthorized remote system access.”

Earlier versions should be safe however xz utils upstream should not be trusted until further security research is done and the backdoor is patched.
Last edited:
xz-utils 5.4.6-1 (pre-backdoor) is available in entware, but it is not installed on my router as part of amtm or a handful of 3rd-party scripts. You can verify on your own device via "opkg list-installed".
Not installed on mine either, even with all the scripts I've installed.
Not open for further replies.

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!