
Fedora Magazine has now also published a security alert regarding the compromised XZ packages. The Fedora Linux 40 and Rawhide distributions are both impacted by this problem.



CVE-2024-3094: Urgent alert for Fedora Linux 40 and Rawhide users

The Fedora Project was made aware of CVE-2024-3094 on Friday, March 29th related to the xz tools and libraries. At this time, Fedora Rawhide users are likely to have received the tainted package and Fedora Linux 40 Beta users may have received the package if they opted into updating from testing repositories. Fedora Linux 40 Beta users only using stable repositories are NOT impacted. Fedora Linux 39 and 38 users are also NOT impacted.

PLEASE IMMEDIATELY STOP USAGE OF FEDORA RAWHIDE for work or personal activity. Fedora Rawhide will be reverted to xz-5.4.x shortly, and once that is done, Fedora Rawhide instances can safely be redeployed. As a reminder, Fedora Rawhide is the development distribution of Fedora Linux, and serves as the basis for future Fedora Linux builds (in this case, the yet-to-be-released Fedora Linux 41).
