Docker Hub still hosts dozens of Linux images with the XZ backdoor

What’s new: The XZ-Utils backdoor, tracked as CVE-2024-3094, is still present in at least 35 Linux images on Docker Hub. The backdoor, found in versions 5.6.0 and 5.6.1 of the xz-utils compression tool, allows attackers to bypass SSH authentication and execute commands as root. Despite its discovery, Debian has opted not to remove the affected images from Docker Hub, citing low risk and the importance of archival continuity.

Who’s affected

Organizations and developers using Docker images that rely on the compromised xz-utils library versions may be at risk. The backdoor affects images built on top of the infected base images, potentially impacting CI/CD pipelines and production systems.

What to do

  • Verify that the xz-utils library version in your Docker images is 5.6.2 or later.
  • Avoid using outdated images from Docker Hub that may contain the backdoored library.
  • Deploy scanning tools to detect the XZ-Utils backdoor in your systems.
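
One way to run the version check on a Debian-based image without executing anything from it, as an added example (not code from the article or from Debian). The function names are hypothetical, and the script assumes the image keeps its package database at /var/lib/dpkg/status. Debian's `+really` version convention is handled so that a package reverted to older upstream code is not flagged.

```shell
#!/bin/sh
# Added example: flag Debian packages built from the backdoored upstream
# xz releases 5.6.0 / 5.6.1 (CVE-2024-3094). Function names are hypothetical.

# Succeeds if a package version string maps to upstream 5.6.0 or 5.6.1.
is_backdoored_xz_version() {
    v=${1#*:}                          # drop a Debian epoch such as "1:"
    case "$v" in
        *+really*) v=${v##*+really} ;; # "5.6.1+really5.4.5-1" ships 5.4.5 code
    esac
    v=${v%%-*}                         # drop the distro revision ("-1", "-0.2")
    v=${v%%[!0-9.]*}                   # keep only the numeric upstream version
    case "$v" in
        5.6.0|5.6.1) return 0 ;;
    esac
    return 1
}

# Turn dpkg "status" stanzas on stdin into "package version" lines.
dpkg_status_versions() {
    awk '/^Package: /{p=$2} /^Version: /{print p, $2}'
}

# Print the xz-utils / liblzma packages on stdin that carry a flagged version.
flag_xz_packages() {
    while read -r pkg ver; do
        case "$pkg" in
            xz-utils|liblzma*) ;;
            *) continue ;;
        esac
        if is_backdoored_xz_version "$ver"; then
            printf '%s %s\n' "$pkg" "$ver"
        fi
    done
}

# Assumption: a Debian-based image with /var/lib/dpkg/status. The container
# is created but never started, so nothing inside the image is executed.
# Usage (after sourcing this file): scan_image IMAGE
scan_image() {
    cid=$(docker create "$1") || return 2
    docker cp "$cid:/var/lib/dpkg/status" - | tar -xOf - |
        dpkg_status_versions | flag_xz_packages
    docker rm "$cid" >/dev/null
}
```

Any line printed by `scan_image` names an installed package built from a backdoored release; no output means none was found in the dpkg database.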
