ASAP: Upgrade your Linux systems and container images right now!
Andres Freund (Microsoft), a PostgreSQL developer and committer, discovered that the upstream source tarballs for xz-utils, the xz-format compression utilities, are compromised and inject malicious code at build time into the resulting liblzma5 library.
CVE-2024-3094
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0.
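To triage hosts and container images, the following added example (not code from the original post or from the xz project) classifies a package version string against the 5.6.0 starting point stated above. The function names are hypothetical, the optional second argument is a first fixed version you supply from your distribution's advisory because the page gives none, and the `+really` handling assumes the Debian convention where `X+reallyY` ships upstream version `Y`.

```shell
#!/bin/sh
# Added example: classify an xz-utils / liblzma5 package version string.

# Reduce a package version string to its upstream x.y.z part.
upstream_version() {
    v=$1
    v=${v#*:}                                  # drop an epoch such as "1:"
    case $v in
        *+really*) v=${v##*+really} ;;         # "X+reallyY" really ships Y
    esac
    v=${v%%-*}                                 # drop the package revision
    v=${v%%[!0-9.]*}                           # drop suffixes such as "alpha"
    printf '%s\n' "$v"
}

# Succeeds when dotted version $1 >= $2 (numeric, component by component).
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# xz_status VERSION [FIRST_FIXED] -> prints ok, review or unknown.
# Without FIRST_FIXED, everything from 5.6.0 onward is flagged for review.
xz_status() {
    up=$(upstream_version "$1")
    if [ -z "$up" ]; then echo unknown
    elif ! version_ge "$up" 5.6.0; then echo ok
    elif [ -n "${2:-}" ] && version_ge "$up" "$2"; then echo ok
    else echo review
    fi
}

# Constructed sample strings in package-manager style, not real scan output.
for s in 5.4.5-0.3 5.6.0-0.2 '5.6.0+really5.4.5-1' 1:5.6.0-1.fc40; do
    printf '%-22s %s\n' "$s" "$(xz_status "$s")"
done
```

Feed it the version your package manager reports for xz-utils or liblzma5 on each host or image layer; a `review` result means the package should be upgraded or checked against the vendor advisory.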