CVE 2024-3094
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
Related bugs and status
CVE-2024-3094 (Candidate) is related to these bugs:
Bug #1970291: [nvidia] Secondary monitor performance is slow on an Nvidia hybrid system in Wayland sessions
Bug | Summary | In | Importance | Status
---|---|---|---|---
1970291 | [nvidia] Secondary monitor performance is slow on an Nvidia hybrid system in Wayland sessions | mutter (Ubuntu) | Medium | Fix Released
1970291 | [nvidia] Secondary monitor performance is slow on an Nvidia hybrid system in Wayland sessions | Mutter | Unknown | Fix Released
1970291 | [nvidia] Secondary monitor performance is slow on an Nvidia hybrid system in Wayland sessions | GNOME Shell | Unknown | Fix Released
Bug #2040977: Mouse cursor stutters if nothing else is animating on screen
Bug | Summary | In | Importance | Status
---|---|---|---|---
2040977 | Mouse cursor stutters if nothing else is animating on screen | mutter (Ubuntu) | Medium | Fix Released
2040977 | Mouse cursor stutters if nothing else is animating on screen | Mutter | Unknown | New
2040977 | Mouse cursor stutters if nothing else is animating on screen | linux (Ubuntu) | Undecided | Opinion
Bug #2051754: Live migration fails (missing vmx features)
Bug | Summary | In | Importance | Status
---|---|---|---|---
2051754 | Live migration fails (missing vmx features) | libvirt (Ubuntu) | Critical | Fix Released
2051754 | Live migration fails (missing vmx features) | libvirt | Unknown | Fix Released
Bug #2052929: failed autopkgtests for evolver vs glibc 2.39 on amd64
Bug | Summary | In | Importance | Status
---|---|---|---|---
2052929 | failed autopkgtests for evolver vs glibc 2.39 on amd64 | glibc (Ubuntu) | High | Invalid
2052929 | failed autopkgtests for evolver vs glibc 2.39 on amd64 | evolver (Ubuntu) | Undecided | New
2052929 | failed autopkgtests for evolver vs glibc 2.39 on amd64 | evolver (Debian) | Unknown | Fix Released
2052929 | failed autopkgtests for evolver vs glibc 2.39 on amd64 | gcc-14 (Ubuntu) | Undecided | Fix Released
2052929 | failed autopkgtests for evolver vs glibc 2.39 on amd64 | gcc-13 (Ubuntu) | Undecided | Fix Released
2052929 | failed autopkgtests for evolver vs glibc 2.39 on amd64 | gcc | Medium | In Progress
Bug #2055151: kea-ctrl-agent segfault in ppc64el dep8 test
Bug | Summary | In | Importance | Status
---|---|---|---|---
2055151 | kea-ctrl-agent segfault in ppc64el dep8 test | isc-kea (Ubuntu) | High | Fix Released
Bug #2055175: [UBUNTU 23.10] s390x: clone clobbers r7
Bug | Summary | In | Importance | Status
---|---|---|---|---
2055175 | [UBUNTU 23.10] s390x: clone clobbers r7 | glibc (Ubuntu) | High | Fix Released
2055175 | [UBUNTU 23.10] s390x: clone clobbers r7 | Ubuntu on IBM z Systems | Medium | Fix Released
2055175 | [UBUNTU 23.10] s390x: clone clobbers r7 | glibc (Ubuntu Mantic) | Undecided | Won't Fix
2055175 | [UBUNTU 23.10] s390x: clone clobbers r7 | glibc (Ubuntu Noble) | High | Fix Released
Bug #2055258: No test suite run at built time nor as autopkgtest
Bug | Summary | In | Importance | Status
---|---|---|---|---
2055258 | No test suite run at built time nor as autopkgtest | libtraceevent (Ubuntu) | High | Fix Released
Bug #2055422: Please sync xz-utils 5.6.0-0.2 from Debian experimental
Bug | Summary | In | Importance | Status
---|---|---|---|---
2055422 | Please sync xz-utils 5.6.0-0.2 from Debian experimental | xz-utils (Ubuntu) | Undecided | Invalid
Bug #2055783: "Unnamed" actions on Rhythmbox's icon right-click menu
Bug | Summary | In | Importance | Status
---|---|---|---|---
2055783 | "Unnamed" actions on Rhythmbox's icon right-click menu | rhythmbox (Ubuntu) | Medium | Fix Released
Bug #2057792: Some Games are crashing linked to a vm_max_map_count too low
Bug | Summary | In | Importance | Status
---|---|---|---|---
2057792 | Some Games are crashing linked to a vm_max_map_count too low | linux (Ubuntu) | Undecided | Won't Fix
2057792 | Some Games are crashing linked to a vm_max_map_count too low | procps (Ubuntu) | High | Fix Released
2057792 | Some Games are crashing linked to a vm_max_map_count too low | gamemode (Ubuntu) | Undecided | Confirmed
Bug #2058045: please upgrade: lighttpd 1.4.76
Bug | Summary | In | Importance | Status
---|---|---|---|---
2058045 | please upgrade: lighttpd 1.4.76 | lighttpd (Ubuntu) | Undecided | Confirmed
Bug #2058277: [SRU] 2.62
Bug | Summary | In | Importance | Status
---|---|---|---|---
2058277 | [SRU] 2.62 | snapd (Ubuntu) | Undecided | Fix Released
2058277 | [SRU] 2.62 | snapd (Ubuntu Focal) | Undecided | Fix Released
2058277 | [SRU] 2.62 | snapd (Ubuntu Noble) | Undecided | Fix Released
2058277 | [SRU] 2.62 | snapd (Ubuntu Jammy) | Undecided | Fix Released
2058277 | [SRU] 2.62 | snapd (Ubuntu Mantic) | Undecided | Fix Released
Bug #2058466: glibc 2.39 test failure on ppc64el: elf/tst-decorate-maps
Bug | Summary | In | Importance | Status
---|---|---|---|---
2058466 | glibc 2.39 test failure on ppc64el: elf/tst-decorate-maps | glibc (Ubuntu) | Undecided | Fix Released
2058466 | glibc 2.39 test failure on ppc64el: elf/tst-decorate-maps | GLibC | Low | Fix Released
Bug #2058847: budgie-wm crashes immediately when mutter-common has been upgraded to version 46.0
Bug | Summary | In | Importance | Status
---|---|---|---|---
2058847 | budgie-wm crashes immediately when mutter-common has been upgraded to version 46.0 | mutter (Ubuntu) | Undecided | New
2058847 | budgie-wm crashes immediately when mutter-common has been upgraded to version 46.0 | magpie (Ubuntu) | Undecided | Fix Released
Bug #2059078: proposed-migration for faketime 0.9.10-2.1ubuntu1
Bug | Summary | In | Importance | Status
---|---|---|---|---
2059078 | proposed-migration for faketime 0.9.10-2.1ubuntu1 | faketime (Ubuntu) | Undecided | New
2059078 | proposed-migration for faketime 0.9.10-2.1ubuntu1 | bash (Ubuntu) | Undecided | Fix Released
2059078 | proposed-migration for faketime 0.9.10-2.1ubuntu1 | sssd (Ubuntu) | Undecided | New
Bug #2059164: apbs: autopkgtest regression: apbs_tester.py': [Errno 2] No such file or directory
Bug | Summary | In | Importance | Status
---|---|---|---|---
2059164 | apbs: autopkgtest regression: apbs_tester.py': [Errno 2] No such file or directory | apbs (Ubuntu) | Undecided | Fix Released
2059164 | apbs: autopkgtest regression: apbs_tester.py': [Errno 2] No such file or directory | apbs (Debian) | Unknown | New
Bug #2059182: autopkgtests fail for dune-grid/2.9.0-2build1
Bug | Summary | In | Importance | Status
---|---|---|---|---
2059182 | autopkgtests fail for dune-grid/2.9.0-2build1 | dune-uggrid (Ubuntu) | Undecided | Fix Released
Bug #2059278: glibc: apparmor userns mitigation breaks test suite (again)
Bug | Summary | In | Importance | Status
---|---|---|---|---
2059278 | glibc: apparmor userns mitigation breaks test suite (again) | glibc (Ubuntu) | Critical | Fix Released
Bug #2059340: crash in libsofthsm2 on armhf after time_t transition
Bug | Summary | In | Importance | Status
---|---|---|---|---
2059340 | crash in libsofthsm2 on armhf after time_t transition | softhsm2 (Ubuntu) | Undecided | Fix Released
Bug #2059400: autopkgtest fails on arm64: EAL: eal_memalloc_alloc_seg_bulk(): couldn't find suitable memseg_list
Bug | Summary | In | Importance | Status
---|---|---|---|---
2059400 | autopkgtest fails on arm64: EAL: eal_memalloc_alloc_seg_bulk(): couldn't find suitable memseg_list | ovn (Ubuntu) | Undecided | Fix Released
2059400 | autopkgtest fails on arm64: EAL: eal_memalloc_alloc_seg_bulk(): couldn't find suitable memseg_list | openvswitch (Ubuntu) | Undecided | Fix Released
Bug #2059862: Getting dependency error when trying to install vim on noble chroot
Bug | Summary | In | Importance | Status
---|---|---|---|---
2059862 | Getting dependency error when trying to install vim on noble chroot | vim (Ubuntu) | Undecided | Invalid
Bug #2059975: Remove from Noble
Bug | Summary | In | Importance | Status
---|---|---|---|---
2059975 | Remove from Noble | ruby3.1 (Ubuntu) | Undecided | Fix Released
Bug #2059985: libavformat60, libavcodec60 can't be installed on Noble because of version mismatches
Bug | Summary | In | Importance | Status
---|---|---|---|---
2059985 | libavformat60, libavcodec60 can't be installed on Noble because of version mismatches | ffmpeg (Ubuntu) | Undecided | Fix Released
Bug #2059986: libzvbi0 : Depends: libzvbi-common (= 0.2.42-1.1) but 0.2.42-1.2 is to be installed
Bug | Summary | In | Importance | Status
---|---|---|---|---
2059986 | libzvbi0 : Depends: libzvbi-common (= 0.2.42-1.1) but 0.2.42-1.2 is to be installed | zvbi (Ubuntu) | Undecided | Fix Released
2059986 | libzvbi0 : Depends: libzvbi-common (= 0.2.42-1.1) but 0.2.42-1.2 is to be installed | ffmpeg (Ubuntu) | Undecided | Fix Released
Bug #2059992: noble daily iso install with encrypted lvm fails to find /dev/mapper/ubuntu-vg--ubuntu-lv during first boot
Bug | Summary | In | Importance | Status
---|---|---|---|---
2059992 | noble daily iso install with encrypted lvm fails to find /dev/mapper/ubuntu-vg--ubuntu-lv during first boot | ubuntu-desktop-provision | Undecided | Invalid
Bug #2060062: libpam0g-dev cannot be installed
Bug | Summary | In | Importance | Status
---|---|---|---|---
2060062 | libpam0g-dev cannot be installed | pam (Ubuntu) | Undecided | Invalid
Bug #2060102: apt dist-upgrade uninstalls quassel-client
Bug | Summary | In | Importance | Status
---|---|---|---|---
2060102 | apt dist-upgrade uninstalls quassel-client | quassel (Ubuntu) | Undecided | New
2060102 | apt dist-upgrade uninstalls quassel-client | qtbase-opensource-src (Ubuntu) | Undecided | New
Bug #2060120: Unmet dependencies cause gparted to fail to install
Bug | Summary | In | Importance | Status
---|---|---|---|---
2060120 | Unmet dependencies cause gparted to fail to install | gparted (Ubuntu) | Undecided | New
Bug #2060189: "apt-get dist-upgrade" command causes the graphic display to stop working - OS is broken
Bug | Summary | In | Importance | Status
---|---|---|---|---
2060189 | "apt-get dist-upgrade" command causes the graphic display to stop working - OS is broken | linux (Ubuntu) | Undecided | Fix Released
See the CVE page on Mitre.org for more details.