Security notice: Snikket not affected by CVE-2024-3094
Posted by The Snikket Team on March 30 2024
A security vulnerability was intentionally added to a widely used open-source project known as ‘xz’. This project is packaged in many operating systems, and a lot of software depends upon it. The vulnerability has been assigned the identifier CVE-2024-3094.
Systems with the vulnerable package may allow an attacker to gain unauthorized access to the system via SSH, if your system’s SSH server was linked to the affected packages.
Thankfully, the vulnerability was discovered before it reached most operating systems. However if you are using a pre-release version of any Debian or Red Hat distribution, you may be affected and should install the available security updates and check for any signs of unauthorized access.
Snikket server
The Snikket server software builds upon Debian base images. We can confirm that Snikket uses the stable Debian release, and does not have the vulnerable packages.
Snikket Hosting
The Snikket Hosting platform is run on Debian servers. We also use the stable Debian release, and can confirm this vulnerability has not affected our service.
More information
Although the vulnerability does not affect Snikket itself, always ensure you install all available security updates for your host system to keep it secure.
Snikket Blog
Feed
Subscribe to our RSS feed for the latest updates from the Snikket project!
Recent Posts
- Snikket Android app temporarily unavailable in Google Play store [RESOLVED]
- Security notice: Snikket not affected by CVE-2024-3094
- Snikket Hosting is now available!
- Snikket Server - January 2024 release
- On the jabber.ru MITM attack
- State of Snikket 2023: Funding
- State of Snikket 2023: The Apps
- State of Snikket 2023