[prev in list] [next in list] [prev in thread] [next in thread] 

List:       opensuse-factory
Subject:    Re: xz security alert and CVE-2024-3094
From:       -pj via openSUSE Factory <factory () lists ! opensuse ! org>
Date:       2024-03-30 1:42:13
Message-ID: a76a786b-4785-4a39-8a35-acdaafba337f () gmx ! com
[Download RAW message or body]



On 03-29-2024 12:20PM, Ana Guerrero Lopez via openSUSE Factory wrote:
> Hi,
>
> If you're using an up-to-date Tumbleweed, please make sure to update as
> soon as possible your system.
>
> The latest versions of "xz" (5.6.0 and 5.6.1) contained malicious code (
> refer to CVE-2024-3094 ) and the package in Tumbleweed has been reverted
> back to version 5.4.
>
> After reading this mail, please update your system and ensure you're
> downgrading xz to the version *5.6.1.revertto5.4. *This version
> despite**itsname is version 5.4. Last step is reboot your system.
>
> Hopefully we'll have soon more detailed information about this CVE.
>
> Have a nice weekend!
>
> Ana from the openSUSE release team.

Thank you for the notification and your efforts.

-Best Wishes
[prev in list] [next in list] [prev in thread] [next in thread]