Update on the Bash security vulnerabilities - Oct 1, 2014

Welcome note and must-know for QNAP Forum members.
Locked
User avatar
QNAPJason
QNAP Staff
Posts: 5400
Joined: Thu May 21, 2009 2:14 pm
Location: Taipei

Update on the Bash security vulnerabilities - Oct 1, 2014

Post by QNAPJason » Wed Oct 01, 2014 10:52 pm

Dear customers,
Currently there are 6 related security vulnerabilities:
CVE-2014-6271
CVE-2014-7169
CVE-2014-7186
CVE-2014-7187
CVE-2014-6277
CVE-2014-6278

If the user has updated the NAS to QTS 4.1.1 B0927, the following 2 most serious security vulnerabilities will be fixed: CVE-2014-6271 & CVE-2014-7169.

QNAP will release a Qfix patch before this Friday (Oct. 3) for x86 & ARM NAS firmware with 3.8.x & 4.1.x that can fix the following issues:
CVE-2014-6271
CVE-2014-7169
CVE-2014-7186
CVE-2014-7187
CVE-2014-6277

For CVE-2014-6278 (resulted from the incomplete patch fix of CVE-2014-6277), we are still checking if the patch can fix it completely.

For TS-109/209/409 NAS users, even though the products are end-of-life(EOL), QNAP will also release a patch to fix the same security vulnerabilities.

Please note that TS-100, TS-101, TS-201 NAS are not affected by this security issue.

Locked

Return to “Announcements”