Advisory: Upstream Backdoor in XZ library

Torna alla panoramica degli advisory di sicurezza
Informational
CVE
CVE-2024-3094
Updated:
Prodotto/i
Cloud Optix
Intercept X Endpoint
Intercept X for Server
Sophos Central
Sophos Email
Sophos Firewall
Sophos Home
Sophos Mobile
Sophos RED
Sophos Switch
Sophos UTM
Sophos Wireless
Sophos ZTNA
SophosLabs Intelix
ID di pubblicazione sophos-sa-20240401-XZ Backdoor
Versione dell'articolo 1
Prima pubblicazione
Soluzione alternativa No

Overview

On friday March 29, 2024, Andres Freund announced the discovery of a backdoor in XZ/Liblzma to the Open Source Software (OSS) Security mailing list.

Liblzma is a widely used compression library; used in tools such as XZ, it is also an integral part of many other programs. It was specifically modified to allow backdoor access via SSH on linux. The backdoor is present in XZ Versions 5.6.0 and 5.6.1.

What Sophos products are affected?

The following products have been reviewed against the XZ backdoor vulnerability:

Product or ServiceStatusDescription
Cloud OptixNot affectedVulnerable code not present
SG UTM (all versions)Not affectedVulnerable code not present
Sophos CentralNot affectedVulnerable code not present
Sophos Endpoint protection (Windows)Not affectedVulnerable code not present
Sophos Endpoint protection (macOS)Not affectedVulnerable code not present
Sophos Endpoint protection (Linux)Not affectedVulnerable code not present
Sophos EmailNot affectedVulnerable code not present
Sophos Firewall (all versions)Not affectedVulnerable code not present
SophosConnect clientNot affectedVulnerable code not present
Sophos Home (macOS)Not affectedVulnerable code not present
Sophos MobileNot affectedVulnerable code not present
Sophos Mobile EAS ProxyNot affectedVulnerable code not present
Sophos Mobile Control app (iOS + Android)Not affectedVulnerable code not present
Sophos Intercept X for Mobile app (iOS + Android)Not affectedVulnerable code not present
Sophos Chrome SecurityNot affectedVulnerable code not present
Sophos PhishThreatNot affectedVulnerable code not present
Sophos REDNot affectedVulnerable code not present
Sophos AP/APXNot affectedVulnerable code not present
Sophos ZTNANot affectedVulnerable code not present
Sophos SwitchNot affectedVulnerable code not present
SophosLabs IntelixNot affectedVulnerable code not present
Sophos DNS ProtectionNot affectedVulnerable code not present
Sophos SASI (AntiSpam)Not affectedVulnerable code not present
SUSINot affectedVulnerable code not present
AV Engine (all platforms)Not affectedVulnerable code not present

Related Information