The Instaclustr Security team has evaluated a critical vulnerability impacting versions 5.6.0 and 5.6.1 of XZ tools and libraries. These versions of the software may allow unauthorized access to affected systems. More detail can be found via this link: CVE-2024-3094.
Instaclustr has analyzed and searched our fleet and found no vulnerable versions of xz-utils present. Customers with self-managed clusters should investigate whether any of the operating systems hosting clusters are vulnerable.
If you have any queries regarding this vulnerability and how it relates to Instaclustr services, please contact [email protected]