Entware Backdoor in linux XZ utils on Linux distros.

DJones · Mar 29, 2024

XZ Struck By Malicious Code That Could Allow Unauthorized Remote System Access - Phoronix

www.phoronix.com

Whomp whomp

*Doesn't appear to be incorporated into Asuswrt-Merlin. 5.4.6-1 xz is a entware however “Some malicious code was added to XZ 5.6.0/5.6.1 that could allow unauthorized remote system access.”

Earlier versions should be safe however xz utils upstream should not be trusted until further security research is done and the backdoor is patched.

XIII · Mar 30, 2024

Because the backdoor was discovered before the malicious versions of xz Utils were added to production versions of Linux, “it's not really affecting anyone in the real world,” Will Dormann, a senior vulnerability analyst at security firm ANALYGENCE, said in an online interview.

Backdoor found in widely used Linux utility breaks encrypted SSH connections

Malicious code planted in xz Utils has been circulating for more than a month.

arstechnica.com

visortgw · Mar 30, 2024

xz-utils 5.4.6-1 (pre-backdoor) is available in entware, but it is not installed on my router as part of amtm or a handful of 3rd-party scripts. You can verify on your own device via "opkg list-installed".

Ripshod · Mar 30, 2024

Not installed on mine either, even with all the scripts I've installed.

RMerlin · Mar 30, 2024

Neither Asuswrt-Merlin nor Entware are affected, different version.

Search

Search

Entware Backdoor in linux XZ utils on Linux distros.

DJones

Very Senior Member

XZ Struck By Malicious Code That Could Allow Unauthorized Remote System Access - Phoronix

XIII

Part of the Furniture

Backdoor found in widely used Linux utility breaks encrypted SSH connections

visortgw

Part of the Furniture

Ripshod

Part of the Furniture

RMerlin

Asuswrt-Merlin dev

Similar threads

Latest threads

Support SNBForums w/ Amazon

Sign Up For SNBForums Daily Digest

Members online

We value your privacy