Hello,
I have several lxd containers running Ubuntu. Are the containers affected by xz vulnerability?
How do i update the affected containers?
Thanks
Hello,
I have several lxd containers running Ubuntu. Are the containers affected by xz vulnerability?
How do i update the affected containers?
Thanks
If they’re not on Noble, you shouldn’t be concerned.
Please see CVE-2024-3094 | Ubuntu for more info
The LXD snap uses xz from the core22 base package which is based on Ubuntu Jammy and so was not affected.
More accurately, even if you’re on Noble, you’re likely not impacted at all, unless you also enabled the noble-proposed
pocket (a conscious choice, as it’s not enabled at all by default) and downloaded the updated liblzma
package version 5.6.0 or 5.6.1 between Feb 28th and March 30th, when those packages were still resident in the pool for noble-proposed
.