this post was submitted on 12 Aug 2025
22 points (100.0% liked)


The XZ-Utils backdoor, first discovered in March 2024, is still present in at least 35 Linux images on Docker Hub, potentially putting users, organizations, and their data at risk.

[...]

Many CI/CD pipelines, developers, and production systems pull images directly from Docker Hub as base layers for their own containers, and if those images are compromised, the new build inherits the flaw or malicious code.

top 1 comments
baod_rate@programming.dev 3 points 2 months ago

Debian says they intentionally opted not to remove these images from Docker Hub and to leave them as historical artifacts, telling users to only use up-to-date images and not old ones.

The maintainers made this decision as they believe the requirements for exploitation are unlikely, such as requiring sshd installed and running on the container, the attacker having network access to the SSH service on that container, and using a private key that matches the backdoor's trigger logic.

Idk that seems pretty reasonable to me. I think I've only ever needed to enable ssh on a container once