Upgrade to QTS 4.1.1 B1003 for Security Enhancements

Welcome note and must-know for QNAP Forum members.
Locked
User avatar
QNAPJason
QNAP Staff
Posts: 5398
Joined: Thu May 21, 2009 2:14 pm
Location: Taipei

Upgrade to QTS 4.1.1 B1003 for Security Enhancements

Post by QNAPJason »

Subject: Protect Your Turbo NAS from Remote Attackers - Bash (Shellshock) Vulnerabilities
Release date: October 5, 2014
Severity rating: Critical
CVE number: CVE-2014-6271、CVE-2014-7169、 CVE-2014-6277、CVE-2014-6278、CVE-2014-7186 and CVE-2014-7187
Affected product: All Turbo NAS models except TS-100, TS-101, TS-200

Summary:
GNU Bash security vulnerabilities (CVE-2014-6271、CVE-2014-7169、 CVE-2014-6277、CVE-2014-6278、CVE-2014-7186 , and CVE-2014-7187), also known as “Shellshock,” might allow remote attackers to inject malicious code via specially-crafted environment variables and run commands from the Bash shell on UNIX/Linux-based systems, including the Turbo NAS.

Solution:
QTS version 4.1.1 Build 1003 has integrated the official GNU Bash patches to fix these vulnerabilities. Users are strongly advised to update their Turbo NAS units to this QTS version through live update or download the QTS update file from the Download Center (http://www.qnap.com/download).

QTS 4.1.1 Build 1003 can be directly applied in the following two ways:

1. Live Update
Go to QTS -> Control Panel -> Firmware Update > Live Update

2. Manual Update
- Select your model and download the QTS from the QNAP website (http://www.qnap.com/download)
- Decompress the ZIP file.
- Go to QTS -> Control Panel ->Firmware Update- > Firmware Update Tab

Note: An update will be provided later for the following cases:
- For users who wish to continue to use QTS 4.0 and 3.8
- For QNAP TS-109/209/409/409U NAS series owners

If you have any questions regarding this issue, please contact us at http://helpdesk.qnap.com/
Locked

Return to “Announcements”