Backdoor Found in Open-Source Linux Tool, Nearly Added Undetected to Major Distros
• Software engineer Andres Freund uncovered a backdoor accidentally that was about to be added to major Linux operating systems
• The backdoor was found in XZ Utils, an open-source data compression tool used widely in Linux
• The backdoor could allow remote code execution and spying on users' systems
• The backdoor made it into beta versions of Red Hat Fedora but not the main Red Hat Enterprise Linux
• The backdoor is believed to have been slowly and carefully introduced over 3 years by a contributor named Jia Tan building trust