This Qfix fixed the GNU Bash Environment Variable Command Injection Vulnerability (CVE-2014-6271, CVE-2014-7169, CVE-2014-6277, CVE-2014-6278, CVE-2014-7186, and CVE-2014-7187)
It includes all of the fixes as of QTS 4.1.1 Build 1003. It is not necessary to install this Qfix patch if you have updated your NAS to QTS 4.1.1 Build1003.
QTS 3.8.3, QTS 3.8.4, QTS 4.0.7, and QTS 4.1.0.
It is recommended that users upgrade to the above firmware and then apply the Qfix.
[Qfix 1.0.1 vs. 1.0.2]
The difference between Qfix 1.0.1 and 1.0.2 on Bash issue is:
The Qfix 1.0.1 includes the update from Red Hat for the CVE-2014-6277 & 6278.
The Qfix 1.0.2 includes the update from official GNU Bash patch update for the CVE-2014-6277 & 6278.
All models except for TS-109, 209, and 409.
For TS-109/209/409/409U, please get the new firmware from this post:
[How to install Qfix]
The Qfix can be installed in the following steps:
Download “Qfix for Bash security patch" v1.0.2 from the QNAP website (http://www.qnap.com/download)
Upzip the downloaded file to have a .qfix file
Go to “QTS > Control Panel > System Settings > Firmware Update > Firmware Update” to apply the Qfix.
http://download.qnap.com/Storage/Qfix/Q ... 86_ARM.zip
Welcome note and must-know for QNAP Forum members.
1 post • Page 1 of 1
- QNAP Staff
- Posts: 5400
- Joined: Thu May 21, 2009 2:14 pm
- Location: Taipei