Publicly accessible Google VM instance contains critical vulnerability CVE-2024-3094 (RCE in liblzma and xz versions 5.6.0 and 5.6.1)


Description

A publicly accessible host is affected by CVE-2024-3094, which is present in liblzma and xz versions 5.6.0 and 5.6.1. The vulnerable library versions allow remote code execution.

Not all distributions are affected; for more information, see the security center post.

Remediation

  1. Evaluate the need for public accessibility for your instance and remove it from the public internet if possible.
  2. To manually determine whether your systems are running an affected version, run the following shell command: $ xz --version
  3. It is recommended to downgrade the XZ Utils library to an uncompromised version such as 5.4.6. In addition, if you are using an affected distribution, it is encouraged to hunt for any malicious activity involving the impacted instance.
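The version check in step 2, as an added example (not part of the original rule text): a shell function that reads the output of `xz --version` and reports whether either the xz binary or liblzma is one of the affected releases. The sample outputs are constructed for illustration, and a version match alone cannot tell whether a distribution shipped a patched build, so treat a hit as a reason to confirm against your distribution's advisory.

```shell
# Added example: decide from `xz --version` output whether the host reports
# an affected release (5.6.0 or 5.6.1) for the xz binary or for liblzma.
# Live usage:  xz --version | is_xz_affected && echo "AFFECTED"
is_xz_affected() {
    # Reads `xz --version` output on stdin. Returns 0 (true) if either the
    # "xz (XZ Utils) X.Y.Z" line or the "liblzma X.Y.Z" line reports
    # 5.6.0 or 5.6.1, and 1 (false) otherwise.
    awk '
        /^xz \(XZ Utils\)/ || /^liblzma/ {
            # The version is the last whitespace-separated field on the line.
            v = $NF
            if (v == "5.6.0" || v == "5.6.1") { hit = 1 }
        }
        END { if (hit) exit 0; exit 1 }
    '
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_VULNERABLE='xz (XZ Utils) 5.6.1
liblzma 5.6.1'
SAMPLE_SAFE='xz (XZ Utils) 5.4.6
liblzma 5.4.6'
# Edge case: an older xz binary linked against an affected liblzma.
SAMPLE_MIXED='xz (XZ Utils) 5.4.6
liblzma 5.6.0'
```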