How to inform project user about the urgent need to update openSUSE MicroOS (CVE-2024-3094) #1304
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
-
The upstream project xz/liblzma project, which for openSUSE MicroOS is used to compile OpenSSH, contains a backdoor that is now publicly known.
Given the severity of the issue, I believe the project should post a disclaimer urging its current users to ensure their nodes are updated.
But what do the community think?
The first report on the issue: https://www.openwall.com/lists/oss-security/2024/03/29/4
openSUSE post: https://news.opensuse.org/2024/03/29/xz-backdoor/
CVE: https://www.suse.com/security/cve/CVE-2024-3094.html
RedHat post: https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
Beta Was this translation helpful? Give feedback.
All reactions