important, attention, exclamation mark

Vulnerability in ClamAV

Synology Feb 23, 2023

A CVE has been detected in the virusscanner ClamAV. I’m writing this post to notify my community because I write a lot about Synology.

Overview

Multiple vulnerabilities allow remote attackers to possibly execute arbitrary code or local users to obtain sensitive information via a susceptible version of Antivirus Essential, Synology Mail Server, and Synology MailPlus Server.

What is a CVE?

CVE stands for Common Vulnerabilities and Exposures, a CVE provides a reference method for publicly known information security vulnerabilities and exposures. More information: Wikipedia CVE

Actions

The advice is to update the following Synology packages as soon as the update is available.

  • Antivirus Essential
  • Synology Mail Server
  • Synology MailPlus Server
Security Update

Tags