Hallo,
die Email bekam ich heute:
Muss etwas unternehmen , denn ich habe nichts installiert mit dem Namen "XZ Utils"
Mod: Nicht deklariertes Zitat ohne Quellenangabe ... korrigiert! Forenregeln beachten und Die Zitat Funktion des Forums richtig nutzen
Zitat von QNAP Security AdvisoryAlles anzeigen
Bulletin ID: QSA-24-19 Taipei, Taiwan, April 2, 2024 - QNAP® had published security enhancement against security vulnerabilities that could affect specific versions of QNAP products. Please use the following information and solutions to correct the security issues and vulnerabilities.
Vulnerability in XZ Utils
Security ID: QSA-24-19
Release date: April 2, 2024
CVE identifier: CVE-2024-3094
Severity: None
Status: Not Affected
Affected products: N/A
Summary
A critical security vulnerability has been discovered in XZ Utils versions 5.6.0 and 5.6.1. This vulnerability allows unauthorized remote access to systems via a backdoor embedded in the liblzma library. If exploited, users are at risk of unauthorized remote access to their systems.
QTS, QuTS hero, and QuTScloud are not affected.
Recommendation
To verify if your system is affected by the vulnerability, you can run the following command in SSH with administrator privileges:
xz --version
If the listed version is not 5.6.0 or 5.6.1, your system is secure.
We recommend regularly updating your system to the latest version to benefit from vulnerability fixes. You can check the product support status to see the latest updates available to your NAS model.
Revision History:
V1.0 (April 02, 2024) - Published
If you have any questions regarding this issue, please contact us at https://www.qnap.com/go/support-ticket/.