AVG-2851 log
| Package | xz |
| Status | Fixed |
| Severity | Critical |
| Type | authentication bypass |
| Affected | 5.6.0-1 |
| Fixed | 5.6.1-2 |
| Current | 5.6.1-3 [core] |
| Ticket | None |
| Created | Fri Mar 29 17:40:01 2024 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2024-3094 | Critical | Yes | Authentication bypass | Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. The tarballs included extra .m4 files, which contained... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 29 Mar 2024 | ASA-202403-1 | xz | arbitrary code execution |
| References |
|---|
https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users |