UCS unaffected by the OpenSSH/XZ/liblzma supply chain vulnerability (CVE-2024-3094)

A supply chain compromise has been discovered affecting the XZ compression library, with the apparent purpose of implanting a backdoor into sshd on systemd-driven distributions. The current state of analysis indicates that no version of UCS is affected. The same applies to UCS-based container images used, e.g., in Nubus, openDesk and related products, and also to the UCS 5.2 Beta 1; none of these Univention products are affected (status: Vulnerable code not present).

The vulnerability is tracked as CVE-2024-3094, and the linked Debian Security Tracker page contains links to the usual places such as NVD.

Links
