SUSE products not affected by supply chain attack against xz backdoor

From: Marcus Meissner <meissner_at_suse.com>
Date: Fri, 29 Mar 2024 16:02:53 -0500 (CDT)

Dear Customer,

True to our promise of openness, we would like to make you aware of a newly discovered backdoor in XZ that impacts openSUSE Tumbleweed, a community distribution from openSUSE. There is no impact to the SUSE Linux Enterprise, SUSE Rancher or SUSE Edge products you use, but we wanted to provide you with what we know to reassure you.

In short, it has been reported that the xz / liblzma library was backdoored. This backdoor was introduced in the upstream GitHub xz project with release 5.6.0 in February 2024.

As mentioned, our SUSE Linux Enterprise products including SUSE Linux Enterprise Server and SUSE Linux Enterprise Micro as well as the openSUSE Leap and Leap Micro community distributions include prior versions of xz and are not affected. Additionally, SLE BCI, SUSE Rancher and SUSE Edge are also not affected. This means there is no impact to you and action for you to take.

If anything changes as more information becomes available, we will let you know. You can read more here <https://em.suse.com/OTM3LURDSC0yNjEAAAGSKv57pkC9bQcp9DyVNOIEbr9tg1uxtJofy04i9IoQXcOGHT0ALzRSZMoSV7oLP8QAiqTlDgM=> and this issue is also tracked by CVE-2024-3094. <https://em.suse.com/OTM3LURDSC0yNjEAAAGSKv57pvv2H7ajk04-wh_RW20xGicwak5EequQTrOgSjc5AnoEEgFBbUsyrkEVBBjF7jXvEP4=>

If you have additional questions, please reach out to your SUSE contact or the SUSE product security team at security_at_suse.de <https://em.suse.com/OTM3LURDSC0yNjEAAAGSKv57pVMIawYhFHYMUUkyQw2769Dtp2_HFed_xJQX8GeGPsc14RJmHcmkrVc5AMHByw943R8=>.




Kind regards,

Marcus Meissner

Distinguished Engineer, SUSE Product Security Team
Received on Fri Mar 29 2024 - 22:07:57 CET