
Synology Security Advisory SA-24:06 XZ Utils

None of the firm's products are affected by CVE-2024-3094, as the vulnerability only affects XZ Utils 5.6.0 and 5.6.1.

Synology, Inc. has published a security advisory concerning XZ Utils.

Publish time: 2024-04-01 12:02:16 UTC+8
Last updated: 2024-04-01 12:02:16 UTC+8
Severity: Not affected
Status: Resolved

Abstract
None of the firm's products are affected by CVE-2024-3094, as this vulnerability only affects XZ Utils 5.6.0 and 5.6.1.

Affected products

| Product | Severity | Fixed release availability |
|---|---|---|
| DSM 7.2 | Not affected | N/A |
| DSM 7.1 | Not affected | N/A |
| DSM 6.2 | Not affected | N/A |
| DSMUC 3.1 | Not affected | N/A |
| BSM 1.0 | Not affected | N/A |
| SRM 1.3 | Not affected | N/A |
| VS Firmware 1.0 | Not affected | N/A |
| Camera Firmware 1.1 | Not affected | N/A |

Mitigation: None

Detail

  • CVE-2024-3094
    • Severity: Not affected
    • CVSS3 Base Score: 0.0
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N
    • Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
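
As an added illustration (not part of the Synology advisory or of the original page), the shell function below classifies the output of xz --version against the two affected releases named above. The function name and the sample outputs are constructed for this example.

```shell
#!/bin/sh
# Added example: flag the XZ Utils releases named in the advisory.
# Affected per the advisory: XZ Utils 5.6.0 and 5.6.1 (CVE-2024-3094).

# check_xz_versions TEXT
#   TEXT is the output of `xz --version`, which reports the xz tool and the
#   liblzma library on separate lines. Both are checked because other
#   software links against liblzma, not against the xz binary.
#   Returns 0 = none affected, 1 = affected version seen, 2 = nothing parsed.
check_xz_versions() {
    text=$1
    found=0
    affected=0
    while IFS= read -r line; do
        case $line in
            "xz (XZ Utils) "*) name=xz;      ver=${line#"xz (XZ Utils) "} ;;
            "liblzma "*)       name=liblzma; ver=${line#"liblzma "} ;;
            *) continue ;;
        esac
        found=1
        case $ver in
            5.6.0|5.6.1) affected=1; echo "$name $ver: AFFECTED" ;;
            *)           echo "$name $ver: not in the affected range" ;;
        esac
    done <<EOF
$text
EOF
    [ "$found" -eq 1 ] || return 2
    [ "$affected" -eq 0 ] || return 1
    return 0
}

# Constructed sample outputs (not captured from any real host).
SAMPLE_AFFECTED='xz (XZ Utils) 5.6.1
liblzma 5.6.1'
SAMPLE_MIXED='xz (XZ Utils) 5.4.6
liblzma 5.6.0'
SAMPLE_CLEAN='xz (XZ Utils) 5.2.5
liblzma 5.2.5'

for sample in "$SAMPLE_AFFECTED" "$SAMPLE_MIXED" "$SAMPLE_CLEAN"; do
    rc=0
    check_xz_versions "$sample" || rc=$?
    echo "exit status: $rc"
done

# On a live host: check_xz_versions "$(xz --version)"
```

The mixed sample shows why the liblzma line matters: the xz tool can report an unaffected version while the library that other programs link against is one of the two affected releases.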

Reference

Revision

| Revision | Date | Description |
|---|---|---|
| 1 | 2024-04-01 | Initial public release. |

 
