Hello,
I have several lxd containers running Ubuntu. Are the containers affected by xz vulnerability?
How do i update the affected containers?
Thanks
If they’re not on Noble, you shouldn’t be concerned.
2 Likes
Please see CVE-2024-3094 | Ubuntu for more info
The LXD snap uses xz from the core22 base package which is based on Ubuntu Jammy and so was not affected.
2 Likes
More accurately, even if you’re on Noble, you’re likely not impacted at all, unless you also enabled the noble-proposed pocket (a conscious choice, as it’s not enabled at all by default) and downloaded the updated liblzma package version 5.6.0 or 5.6.1 between Feb 28th and March 30th, when those packages were still resident in the pool for noble-proposed.
4 Likes