
Linode Open-source library XZ Utils Vulnerability (CVE-2024-3094)

Discussion in 'VPS Provider Network Status' started by eva2000, Apr 2, 2024.

  1. eva2000

    Apr 1, 21:37 UTC
    Resolved - We are aware of the reported supply chain compromise in the XZ Utils data compression library (CVE-2024-3094, https://nvd.nist.gov/vuln/detail/CVE-2024-3094) which affects versions 5.6.0 and 5.6.1 of the xz-utils package. This vulnerability attempts to introduce the ability for an attacker to remotely execute commands in OpenSSH through the use of the liblzma library within some operating system environments.

    We have assessed the vulnerability, and determined that the Akamai Platform is not affected and customers are protected.

    For more information about this vulnerability, please see:

    https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094
    https://www.openwall.com/lists/oss-security/2024/03/29/4



    Thank you for your continued support.

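A host check for the two xz-utils releases named in the notice above (5.6.0 and 5.6.1), together with whether the local sshd binary links liblzma. This is an added example, not part of the original post or of Linode's notice; the function names are hypothetical, and it assumes `xz --version` prints its usual `xz (XZ Utils) <version>` first line.

```shell
#!/bin/sh
# Added example (not from the notice): flag the xz-utils releases the notice
# names as affected, 5.6.0 and 5.6.1, and report whether sshd links liblzma.

# Pull the version number out of `xz --version` output,
# e.g. "xz (XZ Utils) 5.4.5" -> "5.4.5".
xz_version_from_output() {
    printf '%s\n' "$1" | sed -n 's/^xz (XZ Utils) \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Succeeds only for the two releases listed in the notice.
is_affected_version() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds if `ldd` output for a binary lists liblzma as a dependency.
links_liblzma() {
    printf '%s\n' "$1" | grep -q 'liblzma\.so'
}

# Combine both checks into one verdict line.
# $1 = `xz --version` output, $2 = `ldd` output for sshd
verdict() {
    ver=$(xz_version_from_output "$1")
    if [ -z "$ver" ]; then
        echo "unknown: could not parse an xz version"
    elif ! is_affected_version "$ver"; then
        echo "ok: xz $ver is not 5.6.0 or 5.6.1"
    elif links_liblzma "$2"; then
        echo "affected: xz $ver and sshd links liblzma"
    else
        echo "affected: xz $ver (sshd does not link liblzma)"
    fi
}

# Run against this host; missing tools give empty input and "unknown".
check_host() {
    xz_out=$(xz --version 2>/dev/null || true)
    sshd_bin=$(command -v sshd 2>/dev/null || true)
    ldd_out=""
    if [ -n "$sshd_bin" ]; then
        ldd_out=$(ldd "$sshd_bin" 2>/dev/null || true)
    fi
    verdict "$xz_out" "$ldd_out"
}

check_host
```

The check reads only the version xz reports on the host where it runs, so container images and chroots need their own run.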