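[Subject:] [Vulnerability Alert] XZ Utils has a high-risk security vulnerability (CVE-2024-3094),
[Description:]
Forwarded from the National Information Sharing and Analysis Center, NISAC-200-202404-00000021
Researchers have found that the XZ Utils data compression library has been hit by a supply chain attack (CVE-2024-3094); specific versions of this program
Information sharing level: WHITE (the content is information that may be publicly disclosed)
This message is sent only to the "Regional and County/City Network Centers"; please help announce or forward it
[Affected platforms:]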
● Alpine
● Fedora 41, Fedora Rawhide, and Fedora Linux 40 beta
● Kali Linux
● openSUSE Tumbleweed and openSUSE MicroOS
● Debian
● XZ Utils 5.6.0 and 5.6.1
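[Recommended actions:]
After confirming the installed version, follow the official guidance below to determine whether XZ Utils needs to be updated or downgraded: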
● Alpine: https://security.alpinelinux.o
● Debian: https://security-tracker.debia
● Fedora: https://fedoramagazine.org/cve
● Kali Linux: https://www.kali.org/blog/abou
● openSUSE: https://news.opensuse.org/2024