The xz-utils package, starting from versions 5.6.0 to 5.6.1, was found to contain a backdoor (CVE-2024-3094). This backdoor could potentially allow a malicious actor to compromise sshd authentication, granting unauthorized access to the entire system remotely.
With a library this widely used, the severity of this vulnerability poses a threat to the entire Linux ecosystem. Luckily, this issue was caught quickly so the impact was significantly less than it could have been. It has already been patched in Debian, and therefore, Kali Linux.
check which version of xz-utils version installed:
xz --version
# or
apt-cache policy liblzma5
# or
dpkg-query -l '*xz*'
# or
dpkg-query -l | grep xz
# To update to the latest safe version:
sudo apt update && sudo apt install -y --only-upgrade liblzma5
# or if not already installed:
sudo apt-get install xz-utils