The XZ-Utils backdoor, CVE-2024-3094, remains present in multiple Docker images on Docker Hub, risking supply chain security. Despite early discovery and the availability of detection tools, some affected images, including those from Debian, remain publicly accessible, posing a low but real threat. #XZUtilsBackdoor #DockerHub #SupplyChainRisks
Key points
- The XZ-Utils backdoor was discovered in March 2024 and affects numerous Linux images on Docker Hub.
- The backdoor allowed attackers to bypass SSH authentication and execute remote commands as root.
- Many affected images continue to be available, including images maintained by Debian, despite the security risk.
- Researchers advise users to upgrade to version 5.6.2 or later of XZ-Utils to mitigate the threat.
- Debian opted not to remove the compromised images, citing low risk and archiving importance, which raised security concerns.
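A small defender-side check for the upgrade advice above, added here as an example and not part of the original summary: it parses the two lines that `xz --version` prints (for instance captured from `docker run --rm <image> xz --version`) and classifies the binary and liblzma separately, since the backdoor lives in liblzma and a patched binary with a stale library is not fixed. The sample outputs are constructed; the backdoored version numbers 5.6.0 and 5.6.1 come from the public CVE-2024-3094 advisory, not from this page.

```python
import re

# Versions publicly identified as carrying the CVE-2024-3094 backdoor
# (xz 5.6.0 and 5.6.1); 5.6.2 is the minimum the summary above recommends.
BACKDOORED_VERSIONS = {(5, 6, 0), (5, 6, 1)}
RECOMMENDED_MIN = (5, 6, 2)

# `xz --version` prints "xz (XZ Utils) X.Y.Z" and "liblzma X.Y.Z" on two lines.
_VERSION_RE = re.compile(r"^(xz \(XZ Utils\)|liblzma)\s+(\d+)\.(\d+)\.(\d+)", re.M)


def parse_xz_versions(output: str) -> dict:
    """Map each reported component ("xz", "liblzma") to a (major, minor, patch) tuple."""
    found = {}
    for m in _VERSION_RE.finditer(output):
        name = "xz" if m.group(1).startswith("xz") else "liblzma"
        found[name] = tuple(int(x) for x in m.group(2, 3, 4))
    return found


def assess_xz(output: str) -> dict:
    """Classify each component as 'backdoored', 'below_recommended', 'ok' or 'unknown'.
    A missing or unparsable line is 'unknown' so a broken image is never treated as safe."""
    versions = parse_xz_versions(output)
    result = {}
    for component in ("xz", "liblzma"):
        v = versions.get(component)
        if v is None:
            result[component] = "unknown"
        elif v in BACKDOORED_VERSIONS:
            result[component] = "backdoored"
        elif v < RECOMMENDED_MIN:
            result[component] = "below_recommended"
        else:
            result[component] = "ok"
    return result


def image_needs_attention(output: str) -> bool:
    """True unless both the xz binary and liblzma report 5.6.2 or later."""
    return any(status != "ok" for status in assess_xz(output).values())


# Constructed sample outputs, shaped like what the command above prints.
SAMPLE_BACKDOORED = "xz (XZ Utils) 5.6.1\nliblzma 5.6.1\n"
SAMPLE_FIXED = "xz (XZ Utils) 5.6.2\nliblzma 5.6.2\n"
SAMPLE_MIXED = "xz (XZ Utils) 5.6.2\nliblzma 5.6.0\n"  # patched binary, stale library

if __name__ == "__main__":
    for label, out in (("backdoored", SAMPLE_BACKDOORED), ("fixed", SAMPLE_FIXED), ("mixed", SAMPLE_MIXED)):
        print(label, assess_xz(out), "needs attention:", image_needs_attention(out))
```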