Advisory: Upstream Backdoor in XZ library

Sophos Security Advisory

juliancooper

Summary

Overview

On Friday, March 29, 2024, Andres Freund announced the discovery of a backdoor in xz/liblzma on the Open Source Software (OSS) Security mailing list.

liblzma is a widely used compression library: it powers the xz tools and is also linked into many other programs. The affected releases were specifically modified to allow backdoor access via SSH on Linux. The backdoor is present in XZ versions 5.6.0 and 5.6.1.
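As an added example that is not part of the Sophos advisory, the POSIX shell functions below give a host a read-only check for the two version strings the advisory names (5.6.0 and 5.6.1) in xz --version output, and report whether the sshd binary's shared-library dependencies include liblzma. The two-line xz --version format, the /usr/sbin/sshd fallback path, and the sample strings used in testing are assumptions, not values from the advisory.

```shell
#!/bin/sh
# Added example, not code from the Sophos advisory: a local, read-only check for the
# xz/liblzma releases the advisory names (5.6.0 and 5.6.1) and for whether sshd
# loads liblzma at all. Assumes the usual two-line `xz --version` output format
# ("xz (XZ Utils) X.Y.Z" then "liblzma X.Y.Z") and that sshd is on PATH or at
# /usr/sbin/sshd (assumed path).

# True (exit 0) when the version string is one of the backdoored releases.
is_affected_version() {
  case "$1" in
    5.6.0|5.6.1) return 0 ;;
    *) return 1 ;;
  esac
}

# "xz (XZ Utils) 5.6.1" -> "5.6.1" (first matching line only).
parse_xz_version() {
  printf '%s\n' "$1" | sed -n 's/^xz (XZ Utils) \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# "liblzma 5.6.1" -> "5.6.1".
parse_liblzma_version() {
  printf '%s\n' "$1" | sed -n 's/^liblzma \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# True when ldd output lists liblzma among a binary's shared-library dependencies.
links_liblzma() {
  printf '%s\n' "$1" | grep -q 'liblzma\.so'
}

# Live check: returns 1 if an affected xz/liblzma version is installed, 0 otherwise.
check_host() {
  status=0
  if command -v xz >/dev/null 2>&1; then
    out=$(xz --version 2>/dev/null)
    for v in $(parse_xz_version "$out") $(parse_liblzma_version "$out"); do
      if is_affected_version "$v"; then echo "affected xz/liblzma version: $v"; status=1; fi
    done
  fi
  sshd=$(command -v sshd 2>/dev/null || true)
  [ -z "$sshd" ] && [ -x /usr/sbin/sshd ] && sshd=/usr/sbin/sshd
  if [ -n "$sshd" ] && command -v ldd >/dev/null 2>&1; then
    if links_liblzma "$(ldd "$sshd" 2>/dev/null)"; then
      echo "note: $sshd loads liblzma, so the installed liblzma version matters here"
    fi
  fi
  return "$status"
}

# Run the live check only when invoked with --run, so sourcing the file has no side effects.
if [ "${1:-}" = "--run" ]; then check_host; fi
```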

What Sophos products are affected?

The following products have been reviewed against the XZ backdoor vulnerability:

Product or Service | Status | Description
Cloud Optix | Not affected | Vulnerable code not present
SG UTM (all versions) | Not affected | Vulnerable code not present
Sophos Central | Not affected | Vulnerable code not present
Sophos Endpoint protection (Windows) | Not affected | Vulnerable code not present
Sophos Endpoint protection (macOS) | Not affected | Vulnerable code not present
Sophos Endpoint protection (Linux) | Under Investigation |
Sophos Email | Not affected | Vulnerable code not present
Sophos Firewall (all versions) | Not affected | Vulnerable code not present
SophosConnect client | Not affected | Vulnerable code not present
Sophos Home (macOS) | Not affected | Vulnerable code not present
Sophos Mobile | Under Investigation |
Sophos Mobile EAS Proxy | Under Investigation |
Sophos Mobile Control app (iOS + Android) | Under Investigation |
Sophos Intercept X for Mobile app (iOS + Android) | Under Investigation |
Sophos Chrome Security | Under Investigation |
Sophos PhishThreat | Under Investigation |
Sophos RED | Not affected | Vulnerable code not present
Sophos AP/APX | Not affected | Vulnerable code not present
Sophos ZTNA | Not affected | Vulnerable code not present
Sophos Switch | Not affected | Vulnerable code not present
SophosLabs Intelix | Under Investigation |
Sophos DNS Protection | Under Investigation |
Sophos SASI (AntiSpam) | Under Investigation |
SUSI | Under Investigation |
AV Engine (all platforms) | Under Investigation |

Related Information

Severity
Informational

Publication ID
sophos-sa-20240401-XZ Backdoor

Workaround
No

Cloud Optix
Intercept X Endpoint
Intercept X for Server
Sophos Central
Sophos Email
Sophos Firewall
Sophos Home
Sophos Mobile
Sophos RED
Sophos Switch
Sophos UTM
Sophos Wireless
Sophos ZTNA
SophosLabs Intelix

CVE-2024-3094

Article Version
1
