A Security flaw has been found in the xz project that, under certain conditions, can work as a backdoor for world-facing openSSH servers.
This vulnerability is not present in any of the Torizon OS (formerly TorizonCore) releases.
The affected xz versions are xz 5.6.0 and xz 5.6.1. However, our current Torizon OS releases follow the upstream OpenEmbedded project, which currently ships version 5.2.6.
On official Toradex Containers, we strictly ship Debian Stable (currently codenamed 'Bookworm'), which was also never affected by this vulnerability.
No action from our customers is needed.
You may choose to manually verify this information. If so, you can:
- Refer to our manifest files.
- Use our Software Bill of Materials for both the Yocto Project and Containers.
- Refer to the official Debian CVE page.
Get Started With Torizon
- Learn more about Torizon.
- For instructions on installing and getting started, learning from the basics to the advanced, and much more, visit the Torizon page on the Toradex developer website.
This post first appeared on The Toradex Blog - Embedded Computing Solutions, please read the originial post: here
