Launchpad.net

CVE 2024-3094

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.

Related bugs and status

CVE-2024-3094 (Candidate) is related to these bugs:

Bug #1970291: [nvidia] Secondary monitor performance is slow on an Nvidia hybrid system in Wayland sessions

		In	Importance	Status
1970291	[nvidia] Secondary monitor performance is slow on an Nvidia hybrid system in Wayland sessions	mutter (Ubuntu)	Medium	Fix Released
1970291	[nvidia] Secondary monitor performance is slow on an Nvidia hybrid system in Wayland sessions	Mutter	Unknown	Fix Released
1970291	[nvidia] Secondary monitor performance is slow on an Nvidia hybrid system in Wayland sessions	GNOME Shell	Unknown	Fix Released

Bug #2040977: Mouse cursor stutters if nothing else is animating on screen

		In	Importance	Status
2040977	Mouse cursor stutters if nothing else is animating on screen	mutter (Ubuntu)	Medium	Fix Released
2040977	Mouse cursor stutters if nothing else is animating on screen	Mutter	Unknown	New
2040977	Mouse cursor stutters if nothing else is animating on screen	linux (Ubuntu)	Undecided	Opinion

Bug #2051754: Live migration fails (missing vmx features)

Summary				In	Importance	Status
	2051754	Live migration fails (missing vmx features)		libvirt (Ubuntu)	Critical	Fix Released
	2051754	Live migration fails (missing vmx features)		libvirt	Unknown	New

Bug #2052929: failed autopkgtests for evolver vs glibc 2.39 on amd64

		In	Importance	Status
2052929	failed autopkgtests for evolver vs glibc 2.39 on amd64	glibc (Ubuntu)	High	Invalid
2052929	failed autopkgtests for evolver vs glibc 2.39 on amd64	evolver (Ubuntu)	Undecided	New
2052929	failed autopkgtests for evolver vs glibc 2.39 on amd64	evolver (Debian)	Unknown	Fix Released
2052929	failed autopkgtests for evolver vs glibc 2.39 on amd64	gcc-14 (Ubuntu)	Undecided	Fix Released
2052929	failed autopkgtests for evolver vs glibc 2.39 on amd64	gcc-13 (Ubuntu)	Undecided	Fix Released
2052929	failed autopkgtests for evolver vs glibc 2.39 on amd64	gcc	Medium	In Progress

Bug #2055151: kea-ctrl-agent segfault in ppc64el dep8 test

Summary				In	Importance	Status
	2055151	kea-ctrl-agent segfault in ppc64el dep8 test		isc-kea (Ubuntu)	High	Fix Released

Bug #2055175: [UBUNTU 23.10] s390x: clone clobbers r7

		In	Importance	Status
2055175	[UBUNTU 23.10] s390x: clone clobbers r7	glibc (Ubuntu)	High	Fix Released
2055175	[UBUNTU 23.10] s390x: clone clobbers r7	Ubuntu on IBM z Systems	Medium	Fix Released
2055175	[UBUNTU 23.10] s390x: clone clobbers r7	glibc (Ubuntu Mantic)	Undecided	Won't Fix
2055175	[UBUNTU 23.10] s390x: clone clobbers r7	glibc (Ubuntu Noble)	High	Fix Released

Bug #2055258: No test suite run at built time nor as autopkgtest

Summary				In	Importance	Status
	2055258	No test suite run at built time nor as autopkgtest		libtraceevent (Ubuntu)	High	Fix Released

Bug #2055422: Please sync xz-utils 5.6.0-0.2 from Debian experimental

Summary				In	Importance	Status
	2055422	Please sync xz-utils 5.6.0-0.2 from Debian experimental		xz-utils (Ubuntu)	Undecided	Invalid

Bug #2055783: "Unnamed" actions on Rhythmbox's icon right-click menu

Summary				In	Importance	Status
	2055783	"Unnamed" actions on Rhythmbox's icon right-click menu		rhythmbox (Ubuntu)	Medium	Fix Released

Bug #2057792: Some Games are crashing linked to a vm_max_map_count too low

		In	Importance	Status
2057792	Some Games are crashing linked to a vm_max_map_count too low	linux (Ubuntu)	Undecided	Won't Fix
2057792	Some Games are crashing linked to a vm_max_map_count too low	procps (Ubuntu)	High	Fix Released
2057792	Some Games are crashing linked to a vm_max_map_count too low	gamemode (Ubuntu)	Undecided	Confirmed

Bug #2058045: please upgrade: lighttpd 1.4.76

Summary				In	Importance	Status
	2058045	please upgrade: lighttpd 1.4.76		lighttpd (Ubuntu)	Undecided	Confirmed

Bug #2058277: [SRU] 2.62

		In	Importance	Status
2058277	[SRU] 2.62	snapd (Ubuntu)	Undecided	Fix Released
2058277	[SRU] 2.62	snapd (Ubuntu Focal)	Undecided	Fix Released
2058277	[SRU] 2.62	snapd (Ubuntu Noble)	Undecided	Fix Released
2058277	[SRU] 2.62	snapd (Ubuntu Jammy)	Undecided	Fix Released
2058277	[SRU] 2.62	snapd (Ubuntu Mantic)	Undecided	Fix Released

Bug #2058466: glibc 2.39 test failure on ppc64el: elf/tst-decorate-maps

Summary				In	Importance	Status
	2058466	glibc 2.39 test failure on ppc64el: elf/tst-decorate-maps		glibc (Ubuntu)	Undecided	Fix Released
	2058466	glibc 2.39 test failure on ppc64el: elf/tst-decorate-maps		GLibC	Low	Fix Released

Bug #2058847: budgie-wm crashes immediately when mutter-common has been upgraded to version 46.0

Summary				In	Importance	Status
	2058847	budgie-wm crashes immediately when mutter-common has been upgraded to version 46.0		mutter (Ubuntu)	Undecided	New
	2058847	budgie-wm crashes immediately when mutter-common has been upgraded to version 46.0		magpie (Ubuntu)	Undecided	Fix Released

Bug #2059078: proposed-migration for faketime 0.9.10-2.1ubuntu1

		In	Importance	Status
2059078	proposed-migration for faketime 0.9.10-2.1ubuntu1	faketime (Ubuntu)	Undecided	New
2059078	proposed-migration for faketime 0.9.10-2.1ubuntu1	bash (Ubuntu)	Undecided	Fix Released
2059078	proposed-migration for faketime 0.9.10-2.1ubuntu1	sssd (Ubuntu)	Undecided	New

Bug #2059164: apbs: autopkgtest regression: apbs_tester.py': [Errno 2] No such file or directory

Summary				In	Importance	Status
	2059164	apbs: autopkgtest regression: apbs_tester.py': [Errno 2] No such file or directory		apbs (Ubuntu)	Undecided	Fix Released
	2059164	apbs: autopkgtest regression: apbs_tester.py': [Errno 2] No such file or directory		apbs (Debian)	Unknown	New

Bug #2059182: autopkgtests fail for dune-grid/2.9.0-2build1

Summary				In	Importance	Status
	2059182	autopkgtests fail for dune-grid/2.9.0-2build1		dune-uggrid (Ubuntu)	Undecided	Fix Released

Bug #2059278: glibc: apparmor userns mitigation breaks test suite (again)

Summary				In	Importance	Status
	2059278	glibc: apparmor userns mitigation breaks test suite (again)		glibc (Ubuntu)	Critical	Fix Released

Bug #2059340: crash in libsofthsm2 on armhf after time_t transition

Summary				In	Importance	Status
	2059340	crash in libsofthsm2 on armhf after time_t transition		softhsm2 (Ubuntu)	Undecided	Fix Released

Bug #2059400: autopkgtest fails on arm64: EAL: eal_memalloc_alloc_seg_bulk(): couldn't find suitable memseg_list

Summary				In	Importance	Status
	2059400	autopkgtest fails on arm64: EAL: eal_memalloc_alloc_seg_bulk(): couldn't find suitable memseg_list		ovn (Ubuntu)	Undecided	Fix Released
	2059400	autopkgtest fails on arm64: EAL: eal_memalloc_alloc_seg_bulk(): couldn't find suitable memseg_list		openvswitch (Ubuntu)	Undecided	Fix Released

Bug #2059862: Getting dependency error when trying to install vim on noble chroot

Summary				In	Importance	Status
	2059862	Getting dependency error when trying to install vim on noble chroot		vim (Ubuntu)	Undecided	Invalid

Bug #2059975: Remove from Noble

Summary				In	Importance	Status
	2059975	Remove from Noble		ruby3.1 (Ubuntu)	Undecided	Fix Released

Bug #2059985: libavformat60, libavcodec60 can't be installed on Noble because of version mismatches

Summary				In	Importance	Status
	2059985	libavformat60, libavcodec60 can't be installed on Noble because of version mismatches		ffmpeg (Ubuntu)	Undecided	Fix Released

Bug #2059986: libzvbi0 : Depends: libzvbi-common (= 0.2.42-1.1) but 0.2.42-1.2 is to be installed

Summary				In	Importance	Status
	2059986	libzvbi0 : Depends: libzvbi-common (= 0.2.42-1.1) but 0.2.42-1.2 is to be installed		zvbi (Ubuntu)	Undecided	Fix Released
	2059986	libzvbi0 : Depends: libzvbi-common (= 0.2.42-1.1) but 0.2.42-1.2 is to be installed		ffmpeg (Ubuntu)	Undecided	Fix Released

Bug #2059992: noble daily iso install with encrypted lvm fails to find /dev/mapper/ubuntu-vg--ubuntu-lv during first boot

Summary				In	Importance	Status
	2059992	noble daily iso install with encrypted lvm fails to find /dev/mapper/ubuntu-vg--ubuntu-lv during first boot		ubuntu-desktop-provision	Undecided	Invalid

Bug #2060062: libpam0g-dev cannot be installed

Summary				In	Importance	Status
	2060062	libpam0g-dev cannot be installed		pam (Ubuntu)	Undecided	Invalid

Bug #2060102: apt dist-upgrade uninstalls quassel-client

Summary				In	Importance	Status
	2060102	apt dist-upgrade uninstalls quassel-client		quassel (Ubuntu)	Undecided	New
	2060102	apt dist-upgrade uninstalls quassel-client		qtbase-opensource-src (Ubuntu)	Undecided	New

Bug #2060120: Unmet dependencies cause gparted to fail to install

Summary				In	Importance	Status
	2060120	Unmet dependencies cause gparted to fail to install		gparted (Ubuntu)	Undecided	New

Bug #2060189: "apt-get dist-upgrade" command causes the graphic display to stop working - OS is broken

Summary				In	Importance	Status
	2060189	"apt-get dist-upgrade" command causes the graphic display to stop working - OS is broken		linux (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2024-3094

Related bugs and status

Related bugs

References