Security notice: Snikket not affected by CVE-2024-3094

Posted by The Snikket Team on March 30 2024

A security vulnerability was intentionally added to a widely used open-source project known as ‘xz’. This project is packaged in many operating systems, and a lot of software depends upon it. The vulnerability has been assigned the identifier CVE-2024-3094.

Systems with the vulnerable package may allow an attacker to gain unauthorized access via SSH, if the system’s SSH server was linked to the affected packages.

Thankfully, the vulnerability was discovered before it reached most operating systems. However, if you are using a pre-release version of any Debian or Red Hat distribution, you may be affected. In that case, install the available security updates and check for any signs of unauthorized access.

Snikket server

The Snikket server software builds upon Debian base images. We can confirm that Snikket uses the stable Debian release, and does not have the vulnerable packages.

Snikket Hosting

The Snikket Hosting platform is run on Debian servers. We also use the stable Debian release, and can confirm this vulnerability has not affected our service.

More information

Although the vulnerability does not affect Snikket itself, always ensure you install all available security updates for your host system to keep it secure.