π΄ Website π https://u-s-news.com/
Telegram π https://t.me/usnewscom_channel
- XZ-Utils backdoor was found over a year ago
- Despite warnings, some Linux images still contain it
- Debian won’t budge as the images are “historical artifacts”
At least 35 Linux images hosted on Docker Hub contain dangerous backdoor malware, which could put software developers and their products at risk of takeover, data theft, ransomware, and more.
At least some of the images, however, will remain on the site and will not be removed, since they are outdated anyway and shouldnβt be used.
In March 2024, the open source community was stunned when security researchers spotted βXZ Utilsβ, a piece of malicious code, in the upstream xz-utils releases 5.6.0 and 5.6.1 (the liblzma.so library) that briefly propagated into some Linux distro packages (not their stable releases). The backdoor was inserted by a developer named βJia Tanβ who, in the two years leading up to that moment, built significant credibility in the community through various contributions.
Debian, Fedora, and others
Now, security researchers at Binarly have said malicious xz-utils packages containing the backdoor were distributed in certain branches of several Linux distributions, including Debian, Fedora and OpenSUSE.
βThis had serious implications for the software supply chain, as it became challenging to quickly identify all the places where the backdoored library had been included.β βThis had serious implications for the software supply chain, as it became challenging to quickly identify all the places where the backdoored library had been included.β
Binarly’s experts are now saying several Docker images, built around the time of the compromise, also contain the backdoor. It says that at first glance, it might not seem alarming since if the distribution packages were backdoored, then any Docker images based on them would be backdoored, as well.
However, the researchers said some of the compromised images are still available on Docker Hub, and were even used in building other images which have also been transitively infected. Binarly said it found βonlyβ 35 images because it focused solely on Debian images:
βThe impact on Docker images from Fedora, OpenSUSE, and other distributions that were impacted by the XZ Utils backdoor remains unknown at this time.β
Debian said it wouldnβt be removing the malicious images since theyβre outdated anyway and shouldnβt be used. They will be left as βhistorical artifactsβ.
Via BleepingComputer