Critical xz package vulnerability discovered on Debian, CVE-2024-3094
TechRadar — March 31, 2024, 10:00 PM UTC
Summary: Microsoft employee Andres Freund discovered a critical vulnerability in the xz package on Debian installations, affecting versions 5.6.0 and 5.6.1. The vulnerability, which carries the maximum severity rating, allows malicious code injection. Red Hat assigned CVE-2024-3094 to the issue. Users are advised to downgrade to version 5.4.6 or disable public-facing SSH servers. The vulnerability was caught early, preventing widespread exploitation.