Security Researchers Find XZ Utils Backdoored Debian Images on Docker Hub
8 days ago
- The XZ Utils backdoor discovered in March 2024 affected major Linux distributions such as Debian, Fedora, and openSUSE.
- Binarly researchers found 12 official Debian Docker images on Docker Hub still containing the XZ Utils backdoor, some over 15 months old.
- 35 additional images were built using these compromised base images, expanding the potential impact.
- Debian maintainers refused to remove the backdoored images, citing their age and development-only status.
- The incident highlights the persistence of supply chain attacks in container systems.