Cve-2024-3094

Daniells · May 1, 2024, 5:46pm

Good morning Kaisen team, I currently use kaisen linux for maintenance at points of sale in a multinational here in Brazil, and I saw that we had a major vulnerability problem (CVE-2024-3094) with XZ utils. Is this within the current version of Kaisen Linux? because I use distribution on servers and I was very concerned about this.

jfbcefim · May 3, 2024, 5:21am

Hello. Can you give more details please ? (version, etc. )

jfbcefim · May 3, 2024, 5:40am

In all cases i suggest to update as soon as possible.

Daniells · May 3, 2024, 12:55pm

Good morning,

Recently a vulnerability was discovered in the XZ utilities, where malicious codes were implemented in the development of this module where it is possible for the attacker to have access via ssh, I would like to know if this module affected our distribution, as kaisen is based on Debian I was a little scared .

Below is an article about CVE-2024-3094

Note: the article is in the language of my country, Portuguese

Kaisen · May 5, 2024, 5:23pm

Hello,

This CVE was fixed on Kaisen the day of it’s published.

You may update your system to apply the fix (the fix is a roolback of the installed version).

Daniells · May 5, 2024, 10:20pm

Thank you, Kevin.

Kaisen · May 15, 2024, 2:01pm

With pleasure, thanks again for your feedback!