Publication Date: 2024/03/29 12:30 PM PST
CVE Identifier: CVE-2024-3094

AWS is aware of CVE-2024-3094, which affects versions 5.6.0 and 5.6.1 of the xz-utils package. This issue may attempt to introduce security issues in openssh through the use of liblzma within some operating system environments. Amazon Linux customers are not affected by this issue, and no action is required. AWS infrastructure and services do not utilize the affected software and are not impacted. Users of Bottlerocket are not affected.

Customers using other operating systems are advised to refer to information provided by the OS vendor to address any concerns originating from this reported issue.

Security-related questions or concerns can be brought to our attention via