.svg?width=185&quality=80&auto=webp&format=auto&cache=true&immutable=true&cache-control=max-age%3D31536000 "Home"){kind=logo}
.svg?width=13&quality=80&auto=webp&format=auto&cache=true&immutable=true&cache-control=max-age%3D31536000 "Top Navigation - Sign in - Icon")
Informational
Advisory: Upstream Backdoor in XZ library
CVE(N)
CVE-2024-3094
PRODUKT(E)
Cloud Optix
Sophos Endpoint
Sophos Central
Sophos Email
Sophos Firewall
Sophos Home
Sophos Mobile
Sophos RED
Sophos Switch
Sophos UTM
Sophos Wireless
Sophos ZTNA
SophosLabs Intelix
Aktualisiert
2024 Apr 1
Artikelversion
1
Erstellt
2024 Apr 1
Veröffentlichungs-ID
sophos-sa-20240401-XZ Backdoor
Workaround
No
Overview
On friday March 29, 2024, Andres Freund announced the discovery of a backdoor in XZ/Liblzma to the Open Source Software (OSS) Security mailing list.
Liblzma is a widely used compression library; used in tools such as XZ, it is also an integral part of many other programs. It was specifically modified to allow backdoor access via SSH on linux. The backdoor is present in XZ Versions 5.6.0 and 5.6.1.
What Sophos products are affected?
The following products have been reviewed against the XZ backdoor vulnerability:
| Product or Service | Status | Description |
|---|---|---|
| Cloud Optix | Not affected | Vulnerable code not present |
| SG UTM (all versions) | Not affected | Vulnerable code not present |
| Sophos Central | Not affected | Vulnerable code not present |
| Sophos Endpoint protection (Windows) | Not affected | Vulnerable code not present |
| Sophos Endpoint protection (macOS) | Not affected | Vulnerable code not present |
| Sophos Endpoint protection (Linux) | Not affected | Vulnerable code not present |
| Sophos Email | Not affected | Vulnerable code not present |
| Sophos Firewall (all versions) | Not affected | Vulnerable code not present |
| SophosConnect client | Not affected | Vulnerable code not present |
| Sophos Home (macOS) | Not affected | Vulnerable code not present |
| Sophos Mobile | Not affected | Vulnerable code not present |
| Sophos Mobile EAS Proxy | Not affected | Vulnerable code not present |
| Sophos Mobile Control app (iOS + Android) | Not affected | Vulnerable code not present |
| Sophos Intercept X for Mobile app (iOS + Android) | Not affected | Vulnerable code not present |
| Sophos Chrome Security | Not affected | Vulnerable code not present |
| Sophos PhishThreat | Not affected | Vulnerable code not present |
| Sophos RED | Not affected | Vulnerable code not present |
| Sophos AP/APX | Not affected | Vulnerable code not present |
| Sophos ZTNA | Not affected | Vulnerable code not present |
| Sophos Switch | Not affected | Vulnerable code not present |
| SophosLabs Intelix | Not affected | Vulnerable code not present |
| Sophos DNS Protection | Not affected | Vulnerable code not present |
| Sophos SASI (AntiSpam) | Not affected | Vulnerable code not present |
| SUSI | Not affected | Vulnerable code not present |
| AV Engine (all platforms) | Not affected | Vulnerable code not present |
Related Information
Sophos Responsible Disclosure Policy
To learn about Sophos security vulnerability disclosure policies and publications, see the Responsible Disclosure Policy.