1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Docker could still be hosting a whole load of potentially malicio

    From TechnologyDaily@1337:1/100 to All on Wednesday, August 13, 2025 18:15:09
    Docker could still be hosting a whole load of potentially malicious images - putting users at risk

    Date:
    Wed, 13 Aug 2025 17:07:00 +0000

    Description:
    Devs are keeping the malicious packages, claiming they're undated and shouldn't be used anyway.

    FULL STORY ======================================================================XZ-Utils
    backdoor was found over a year ago Despite warnings, some Linux images still contain it Debian won't budge as the images are "historical artifacts"

    At least 35 Linux images hosted on Docker Hub contain dangerous backdoor malware , which could put software developers and their products at risk of takeover, data theft, ransomware, and more.

    At least some of the images, however, will remain on the site and will not be removed, since they are outdated anyway and shouldnt be used.

    In March 2024, the open source community was stunned when security
    researchers spotted XZ Utils, a piece of malicious code, in the upstream xz-utils releases 5.6.0 and 5.6.1 (the liblzma.so library) that briefly propagated into some Linux distro packages (not their stable releases). The backdoor was inserted by a developer named Jia Tan who, in the two years leading up to that moment, built significant credibility in the community through various contributions. Debian, Fedora, and others

    Now, security researchers at Binarly have said malicious xz-utils packages containing the backdoor were distributed in certain branches of several Linux distributions, including Debian, Fedora and OpenSUSE.

    This had serious implications for the software supply chain, as it became challenging to quickly identify all the places where the backdoored library had been included. This had serious implications for the software supply chain, as it became challenging to quickly identify all the places where the backdoored library had been included.

    Binarly's experts are now saying several Docker images, built around the time of the compromise, also contain the backdoor. It says that at first glance,
    it might not seem alarming since if the distribution packages were
    backdoored, then any Docker images based on them would be backdoored, as
    well.

    However, the researchers said some of the compromised images are still available on Docker Hub, and were even used in building other images which have also been transitively infected. Binarly said it found only 35 images because it focused solely on Debian images:

    The impact on Docker images from Fedora, OpenSUSE, and other distributions that were impacted by the XZ Utils backdoor remains unknown at this time.

    Debian said it wouldnt be removing the malicious images since theyre outdated anyway and shouldnt be used. They will be left as historical artifacts.

    Via BleepingComputer You might also like Latest Ubuntu beta and other Linux distros delayed by xz-utils security issues Take a look at our guide to the best authenticator app We've rounded up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/docker-could-still-be-hosting-a-whole-l oad-of-potentially-malicious-images-putting-users-at-risk


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)