Latest Ubuntu beta and other Linux distros delayed by xz-utils security issues

The latest Ubuntu beta release, among other Linux distributions, has faced delays due to security issues with xz-utils, specifically a critical vulnerability identified as CVE-2024-3094. This vulnerability, which carries a CVSS score of 10 out of 10, affects the xz-utils compression software found in many Linux distributions and allows for remote code execution (RCE) on affected systems.

Ubuntu was quick to respond to the threat, removing the affected library from its Ubuntu 24.04 LTS (Noble Numbat) proposed builds as of March 28, 2024, and continuing investigations to fully understand the issue. The vulnerability stems from malicious code introduced into the xz-utils library, affecting versions 5.6.0 and 5.6.1. This code enables unauthorized access and command execution on compromised systems.

Linux distributions known to be affected include Fedora Linux 40 beta, Fedora Rawhide, openSUSE Tumbleweed and MicroOS, Debian testing, unstable and experimental versions, Kali Linux, and Arch Linux. Distributions such as Ubuntu, Alpine Linux, Amazon Linux, Red Hat Enterprise Linux, Gentoo, and Linux Mint have reported not being affected.

This situation highlights the importance of rigorous security practices and the need for users and administrators of affected distributions to take immediate action, such as downgrading to an uncompromised version of xz-utils, to mitigate potential threats posed by this vulnerability.
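As an added example (not part of the original article), the POSIX shell script below performs the first triage step an administrator would take: it reads the version string from `xz --version` and flags the two releases the article names as carrying the malicious code, 5.6.0 and 5.6.1. The function names, the `--check` flag and the sample output string are assumptions made for this example. A distribution package can carry a patched build whose upstream version string still reads 5.6.x, so treat a "not affected" result as a quick check rather than proof, and confirm against your distribution's advisory.

```shell
#!/bin/sh
# Added example, not code from the article: triage check for the xz-utils
# releases named as compromised (5.6.0 and 5.6.1, CVE-2024-3094).

# Return 0 (affected) when the version string is exactly 5.6.0 or 5.6.1,
# otherwise return 1.
xz_version_is_affected() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *)           return 1 ;;
    esac
}

# Extract the version number from the first line of `xz --version` output,
# e.g. "xz (XZ Utils) 5.6.1" -> "5.6.1". The output text is passed in as $1
# so the parser can be exercised on a constructed string without running xz.
xz_version_from_output() {
    printf '%s\n' "$1" | sed -n '1s/.*XZ Utils) \([0-9][0-9.]*\).*/\1/p'
}

# Classify the xz binary on this host. Prints a verdict; returns 0 when an
# affected release is installed, 1 otherwise (including when xz is absent).
check_installed_xz() {
    if ! command -v xz >/dev/null 2>&1; then
        echo "xz not installed"
        return 1
    fi
    ver=$(xz_version_from_output "$(xz --version 2>/dev/null)")
    if xz_version_is_affected "$ver"; then
        echo "AFFECTED: xz-utils $ver (CVE-2024-3094); downgrade to an unaffected release"
        return 0
    fi
    echo "not affected by version string: xz-utils ${ver:-unknown}"
    return 1
}

# Usage: sh xz_check.sh --check   (the host check only runs when asked for,
# so the functions can be sourced by other scripts without side effects)
if [ "${1:-}" = "--check" ]; then
    check_installed_xz
fi
```

The exit status of `check_installed_xz` is deliberately 0 for "affected" so the script can drive a fleet-wide inventory (for example, collecting the hosts where it succeeds); invert it if you prefer conventional success semantics.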
