28 - 03 - 2024
Login Form



 


Share this post

Submit to FacebookSubmit to TwitterSubmit to LinkedIn

QNAP® Systems Inc. today announced  firmware updates for Turbo NAS systems with vulnerability to the OpenSSL  Heartbleed bug (CVE-2014-0160). The operating systems vulnerable to Heartbleed are QTS versions  4.0 and 4.1. Versions 3.8 and earlier use a different version of  OpenSSL and are not affected by the OpenSSL Heartbleed bug.   

As described on the Common Vulnerabilities and Exposures website, some versions of the OpenSSL TLS and DTLS implementation do not properly process Heartbeat Extension packets which allow remote attackers to obtain sensitive information by reading private keys (aka the Heartbleed bug).   

“We  strongly urge users of vulnerable Turbo NAS systems to update their firmware,”  said Jason Hsu, Product Manager of QNAP. “Users are also recommended to contact  their SSL providers to regenerate their SSL CSR/keys for server protection.”   

To obtain the system updates (QTS 4.0.7 and QTS  4.1.0 RC2) with recompiled OpenSSL, please download from http://www.qnap.com/v3/en/product_x_down/ or have your Turbo NAS perform a live update  via the QTS control panel.   

For more  information, please contact us at http://helpdesk.qnap.com/