The Latest QNAP Networks News
Product and Solution Information, Press Releases, Announcements
QNAP Releases New QTS for the Turbo NAS with Fix on GNU Bash Environment Variable Command Injection Vulnerability | |
Posted: Mon Sep 29, 2014 02:51:04 PM | |
Taipei, Taiwan, September 29, 2014 – QNAP®, Inc. today released a new version of QTS for its Turbo NAS lineup, fixing the GNU Bash Environment Variable Command Injection Vulnerability (CVE-2014-6271 and CVE-2014-7169), also known as “Shellshock,” that can allow attackers to gain remote control over UNIX/Linux-based systems. The Turbo NAS may also be affected under certain conditions. QNAP’s security lab has verified the QTS version 4.1.1 Build 0927 and confirmed it has fixed the CVE-2014-6271 and CVE-2014-7169 vulnerability. Users are strongly advised to update their Turbo NAS units to this QTS version. As the GNU Bash still have potential issues on CVE-2014-6277, which is not confirmed to be solved yet, QNAP will keep on watching the solution provided by GNU and release the corresponding hot fixes. QTS 4.1.1 Build 0927 is now available for update directly on the Turbo NAS management interface (QTS) and on QNAP’s official download site (http://www.qnap.com/download) for the following Turbo NAS models:
|