Recently, a supply-chain compromise (CVE-2024-3094) was reported in the xz Utils data compression library:

https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094

https://www.cve.org/CVERecord?id=CVE-2024-3094

https://nvd.nist.gov/vuln/detail/CVE-2024-3094

https://www.openwall.com/lists/oss-security/2024/03/29/4

https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users

Security Onion is NOT affected by this vulnerability.

Searching for xz Vulnerability across non-Security Onion Devices

If you have Security Onion deployed in your enterprise with Elastic Agent deployed to your endpoints, you can use Osquery Manager to search for vulnerable xz packages, as shown in these GitHub gists by James Spiteri.

Linux:

https://gist.github.com/jamesspi/ee8319f55d49b4f44345c626f80c430f

macOS:

https://gist.github.com/jamesspi/5cb060b5e0e2d43222a71c876b56daab
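As an added example (my own query, not the Security Onion project's and not the gist above), the following osquery SQL flags xz and liblzma packages at the two backdoored upstream releases, 5.6.0 and 5.6.1, across Debian- and RPM-based Linux endpoints in a single live query. It assumes the standard osquery `deb_packages` and `rpm_packages` tables, and it excludes Debian's `5.6.1+really5.4.5` revert package, which carries a 5.6.1 prefix but is actually a downgrade to 5.4.5.

```sql
-- Added example: hunt for xz / liblzma packages at the backdoored upstream
-- releases 5.6.0 and 5.6.1 (CVE-2024-3094) on Linux endpoints via osquery.
-- On a host without dpkg or rpm the corresponding table simply returns no rows,
-- so the UNION is safe to run against a mixed Linux fleet from Osquery Manager.

-- Debian / Ubuntu: version strings include the Debian revision, e.g. 5.6.1-1.
-- Debian's fix shipped as 5.6.1+really5.4.5-1, which is a downgrade despite the
-- 5.6.1 prefix, so it is excluded explicitly.
SELECT
  'deb'      AS pkg_type,
  name,
  version    AS version,
  arch
FROM deb_packages
WHERE (name LIKE 'xz%' OR name LIKE 'liblzma%')
  AND (version LIKE '5.6.0%' OR version LIKE '5.6.1%')
  AND version NOT LIKE '%+really%'

UNION ALL

-- Fedora / RHEL: upstream version and distro release are separate columns,
-- so an exact match on version is sufficient; release is appended for context.
SELECT
  'rpm'                          AS pkg_type,
  name,
  version || '-' || release      AS version,
  arch
FROM rpm_packages
WHERE (name LIKE 'xz%' OR name LIKE 'liblzma%')
  AND version IN ('5.6.0', '5.6.1');
```

Any row returned is a host that still carries a backdoored build and should be prioritised for the distribution's downgrade or rebuilt package; an empty result set across the fleet is the expected outcome on an already-patched estate.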

For example, here’s the Linux query run across several Linux endpoints (hostnames excluded from the screenshot):