Page 1 of 1

Update on the Bash security vulnerabilities - Oct 1, 2014

Posted: Wed Oct 01, 2014 10:52 pm
by QNAPJason
Dear customers,
Currently there are 6 related security vulnerabilities:
CVE-2014-6271
CVE-2014-7169
CVE-2014-7186
CVE-2014-7187
CVE-2014-6277
CVE-2014-6278

If the user has updated the NAS to QTS 4.1.1 B0927, the following 2 most serious security vulnerabilities will be fixed: CVE-2014-6271 & CVE-2014-7169.

QNAP will release a Qfix patch before this Friday (Oct. 3) for x86 & ARM NAS firmware with 3.8.x & 4.1.x that can fix the following issues:
CVE-2014-6271
CVE-2014-7169
CVE-2014-7186
CVE-2014-7187
CVE-2014-6277

For CVE-2014-6278 (resulted from the incomplete patch fix of CVE-2014-6277), we are still checking if the patch can fix it completely.

For TS-109/209/409 NAS users, even though the products are end-of-life(EOL), QNAP will also release a patch to fix the same security vulnerabilities.

Please note that TS-100, TS-101, TS-201 NAS are not affected by this security issue.