[ANN] [CVE-2024-3094] XZ > 5.4.6 has been backdoored by upstream commiter. RCE in sshd has been confirmed.

There are still much to investigate. If you are on debian or opensuse. Try to downgrade immediately.

Links:

• https://www.openwall.com/lists/oss-security/2024/03/29/4
• https://www.opencve.io/cve/CVE-2024-3094

Author: syntheticbird

Contact: @syntheticbird:monero.social

Note:

This is a free community message from syntheticbird.

Read the service announcement for more info.

Always DYOR and make use of reputable escrow services. I do not/can not verify anything. Report any suspicious messages.