Security Notice About CVE-2024-3094 (xz-utils)

Thursday, April 11, 2024
Torizon

Torizon

A security flaw has been found in the xz project that, under certain conditions, can work as a backdoor for world-facing openSSH servers.
This vulnerability is not present in any of the Torizon OS (formerly TorizonCore) releases.
The affected xz versions are xz 5.6.0 and xz 5.6.1. However, our current Torizon OS releases follow the upstream OpenEmbedded project, which currently ships version 5.2.6.
On official Toradex Containers, we strictly ship Debian Stable (currently codenamed 'Bookworm'), which was also never affected by this vulnerability.

No action from our customers is needed.
You may choose to manually verify this information. If so, you can:

In the unlikely event that Torizon OS is affected by a future vulnerability, you will be able to securely and remotely update all your field devices to a newer version containing the fix. We provide frequent releases with long-term support, enabling you to keep your production fleet safe without any maintenance downtime.

Get Started With Torizon

Related News

Latest News

Wednesday, April 24, 2024

Press Release:

Toradex Strengthens Custom Solutions Offering with Acquisition of Linear Computing
Thursday, April 4, 2024

Press Release:

Introducing Aquila - The Next Generation Toradex SoM Family
Tuesday, February 20, 2024

Press Release:

Join Toradex at Japan IT Week Spring 2024
Have a Question?