On March 29, 2024, the Openwall oss-security mailing list published information about a backdoor in the compression utility/library xz/liblzma. This backdoor affects sshd in some rolling and testing Linux distributions. The CVE ID CVE-2024-3094 is assigned to this vulnerability and has a Critical severity with Common Vulnerability Scoring System (CVSS) of 10 score.
For more information, refer to the official Red Hat Blog.
IONOS Cloud infrastructure and services do not utilize the vulnerable software, so they are not impacted.
If you are using custom images, we advise you to refer to the information provided by the Operating System (OS) vendor to address any concerns from this reported issue.
If you have further questions or concerns about this vulnerability, contact IONOS Cloud Support.