安全ID : QSA-24-19
Vulnerability in XZ Utils
发布日期 : April 1, 2024
通用漏洞披露 : CVE-2024-3094
受影响产品: N/A
严重程度
无
状态
未受影响
Summary
A critical security vulnerability has been discovered in XZ Utils versions 5.6.0 and 5.6.1. This vulnerability allows unauthorized remote access to systems via a backdoor embedded in the liblzma library. If exploited, users are at risk of unauthorized remote access to their systems
QTS, QuTS hero, and QuTScloud are not affected.
Recommendation
To verify if your system is affected by the vulnerability, you can run the following command in SSH with administrator privileges:
xz --version
If the listed version is not 5.6.0 or 5.6.1, your system is secure.
We recommend regularly updating your system to the latest version to benefit from vulnerability fixes. You can check the product support status to see the latest updates available to your NAS model.
修订历史: V1.0 (April 02, 2024) - Published
