It looks like malicious code has been added to the Linux data compression program xz, which might result in a backdoor. The library's 5.6.0 and 5.6.1 versions should have the code. The xz repository and the xz tarballs have both been "backdoored," according to the discoverer's post on Openwall.
https://www.openwall.com/lists/oss-security/2024/03/29/4
RedHat filed the CVE today, and it now has a preliminary criticality score of 10: https://nvd.nist.gov/vuln/detail/CVE-2024-3094
In addition to Red Hat, several other Linux derivatives are affected.
Xz should be either uninstalled (if feasible) or rolled back to an earlier version when you are using this library. A minimum of an examination is required.
Especially if you are using Veeam proxys and/or Veeam hardened repositories based on Linux you should take action to protect your environment...