=====================================================================

                                CERT-Renater

                      Note d'Information No. 2023/VULN387

_____________________________________________________________________

DATE                : 10/10/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S):QTS, QuTS hero running ClamAV versions prior to
                                 5.0.1.2376 build 20230421,
                           QuTScloud versions prior to c5.0.1.2374.

=====================================================================
https://www.qnap.com/en/security-advisory/qsa-23-26
_____________________________________________________________________

Security ID : QSA-23-26
Vulnerabilities in ClamAV

     Release date : October 7, 2023

     CVE identifier : CVE-2023-20032 | CVE-2023-20052

     Affected products: QTS 5.0.x, QuTS hero h5.0.x, QuTScloud c5.0.1


Severity
Medium


Status
Resolved


Summary

Multiple vulnerabilities have been reported in ClamAV.

We have already fixed the vulnerabilities in the following affected
QNAP operating systems:


Affected Product        Fixed Version
QTS 5.0.x               QTS 5.0.1.2376 build 20230421 and later
QuTS hero h5.0.x        QuTS hero h5.0.1.2376 build 20230421 and later
QuTScloud c5.0.1        QuTScloud c5.0.1.2374 and later


Recommendation

To secure your device, we recommend regularly updating your system to
the latest version to benefit from vulnerability fixes. You can check
the product support status to see the latest updates available to your
NAS model.

Updating QTS, QuTS hero, or QuTScloud

     Log in to QTS, QuTS hero, or QuTScloud as an administrator.
     Go to Control Panel > System > Firmware Update.
     Under Live Update, click Check for Update.
     The system downloads and installs the latest available update.

Tip: You can also download the update from the QNAP website. Go to
Support > Download Center and then perform a manual update for your
specific device.


Attachment

     QSA-23-26.json


Revision History:
V1.0 (October 07, 2023) - Published



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================