Advisory on CVE-2024-3094

Backdoor in XZ Utils

On March 29, 2024, the Openwall oss-security mailing list published information about a backdoor in the compression utility/library xz/liblzma. This backdoor affects sshd in some rolling and testing Linux distributions. The CVE ID CVE-2024-3094 is assigned to this vulnerability and has a Critical severity with Common Vulnerability Scoring System (CVSS) of 10 score.

For more information, refer to the official Red Hat Blog.

Impacted IONOS Cloud Products

IONOS Cloud infrastructure and services do not utilize the vulnerable software, so they are not impacted.

What action can IONOS customers take to mitigate the vulnerability?

If you are using custom images, we advise you to refer to the information provided by the Operating System (OS) vendor to address any concerns from this reported issue.

How can I get help?

If you have further questions or concerns about this vulnerability, contact IONOS Cloud Support.