A CRITICAL risk vulnerability CVE-2024-3094 has been found in recent versions of xz data compression tools.

Only a few Linux distributions use the versions affected, which does not include RHEL and its derivatives like RockyLinux and AlmaLinux. Hence most EGI sites will not be affected.

For more details about this vulnerabiity see https://advisories.egi.eu/Advisory-EGI-SVG-2024-07https://advisories.egi.eu/Advisory-EGI-SVG-2024-07