Linode Open-source library XZ Utils Vulnerability (CVE-2024-3094)

eva2000 · 2024-04-02

Apr 1, 21:37 UTC Resolved - We are aware of the reported supply chain compromise in the XZ Utils data compression library (CVE-2024-3094, https://nvd.nist.gov/vuln/detail/CVE-2024-3094) which affects versions 5.6.0 and 5.6.1 of the xz-utils package....

Discussion in 'VPS Provider Network Status' started by eva2000, Apr 2, 2024.

Previous Thread Next Thread

Apr 2, 2024 #1

eva2000 Administrator Staff Member

58,895

12,490

113

May 24, 2014

Brisbane, Australia

Ratings:

+19,122

Local Time:

8:10 PM

Nginx 1.31.x

MariaDB 10.x/11.4+/12.3+

Apr 1, 21:37 UTC
Resolved - We are aware of the reported supply chain compromise in the XZ Utils data compression library (CVE-2024-3094, https://nvd.nist.gov/vuln/detail/CVE-2024-3094) which affects versions 5.6.0 and 5.6.1 of the xz-utils package. This vulnerability attempts to introduce the ability for an attacker to remotely execute commands in OpenSSH through the use of the liblzma library within some operating system environments.

We have assessed the vulnerability, and determined that the Akamai Platform is not affected and customers are protected.

For more information about this vulnerability, please see:

https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094
https://www.openwall.com/lists/oss-security/2024/03/29/4

Thank you for your continued support.

Continue reading...

Previous Thread Next Thread

(You must log in or sign up to reply here.)

Log in / Register

Forums

Learn about Centmin Mod LEMP Stack today

Linode Open-source library XZ Utils Vulnerability (CVE-2024-3094)

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Learn about Centmin Mod LEMP Stack today

Linode Open-source library XZ Utils Vulnerability (CVE-2024-3094)

eva2000 Administrator Staff Member

.