Security ID : QSA-24-19

Vulnerability in XZ Utils

Release date : April 1, 2024
CVE identifier : CVE-2024-3094
Affected products: N/A

Severity

None

Status

Not Affected

Summary

A critical security vulnerability has been discovered in XZ Utils versions 5.6.0 and 5.6.1. This vulnerability allows unauthorized remote access to systems via a backdoor embedded in the liblzma library. If exploited, users are at risk of unauthorized remote access to their systems

QTS, QuTS hero, and QuTScloud are not affected.

Recommendation

To verify if your system is affected by the vulnerability, you can run the following command in SSH with administrator privileges:

xz --version

If the listed version is not 5.6.0 or 5.6.1, your system is secure.

We recommend regularly updating your system to the latest version to benefit from vulnerability fixes. You can check the product support status to see the latest updates available to your NAS model.

Revision History: V1.0 (April 02, 2024) - Published

Storage

Rete

Accessori di espansione

Sorveglianza

NAS

Rete

Sorveglianza

Summary

Recommendation

Questo sito in altre nazioni/regioni

Asia

Europe

America

Global