A security vulnerability was deliberately introduced into the widely used open source project known as “xz”. This project is installed by default on many operating systems and a large portion of available software depends on it. The vulnerability has been assigned the identifier CVE-2024-3094.
Systems running vulnerable versions may allow an attacker to gain unauthorised access through the SSH remote access protocol, if the SSH server on the system is linked to the affected packages.
Fortunately, the vulnerability was discovered before it reached most operating systems. However, if you are running a pre-release version of any Debian or Red Hat distribution, you may be affected and should install available security updates and check for signs of unauthorised access.
Chatrix.One XMPP Server
The server software we use to provide the XMPP service is based on Ubuntu and Debian base images. We can confirm that Chatrix.One uses stable releases and has no vulnerable packages installed.
Although the vulnerability does not affect the XMPP service provided by Chatrix.One, you should always check for available security updates for your operating system. That is the only mechanism that can help protect against vulnerabilities.
