Security ID : QSA-24-19

Vulnerability in XZ Utils

Release date : April 1, 2024
CVE identifier : CVE-2024-3094
Affected products: N/A

Severity

None

Status

Not Affected

Summary

A critical security vulnerability has been discovered in XZ Utils versions 5.6.0 and 5.6.1. This vulnerability allows unauthorized remote access to systems via a backdoor embedded in the liblzma library. If exploited, users are at risk of unauthorized remote access to their systems

QTS, QuTS hero, and QuTScloud are not affected.

Recommendation

To verify if your system is affected by the vulnerability, you can run the following command in SSH with administrator privileges:

xz --version

If the listed version is not 5.6.0 or 5.6.1, your system is secure.

We recommend regularly updating your system to the latest version to benefit from vulnerability fixes. You can check the product support status to see the latest updates available to your NAS model.

Revision History: V1.0 (April 02, 2024) - Published

Stockage

Réseau

Accessoires d’extension

Surveillance

NAS

Réseau

Surveillance

Summary

Recommendation

Ce site est disponible dans d'autres pays/régions :

Asia

Europe

America

Global