A malicious backdoor was inserted into XZ Utils compression libraries in March 2024, targeting SSH via liblzma.so and affecting major Linux distributions.
Security researchers found 12 official Debian Docker images on Docker Hub still carrying the backdoor over 15 months later, along with 35 more derived containers.
Debian maintainers refused to remove the old development images, arguing they’re outdated, but researchers warn the lingering backdoor poses ongoing supply chain risks.