Firmware-update: QNAP TS-xx0/xx2/xx9 4.1.4 build 0804

QNAP heeft een update voor versie 4.1.4 uitgebracht van de firmware die op diverse modellen van zijn nas-apparaten staat. In de recentste versie is onder meer de mogelijkheid toegevoegd om nas te installeren via een hdmi-verbinding en kan de firmware beter overweg met externe harde schijven met een ntfs- of hfs+-indeling. In deze update zijn diverse beveiligingsproblemen verholpen en bugfixes doorgevoerd. Verder adviseert QNAP om php en MySQL vanuit het App Center bij te werken naar de nieuwste versies.

Bug Fixes

• Fixed PPP vulnerabilities (CVE-2015-3310, CVE-2014-3158).
• Fixed OpenSSL vulnerabilities (CVE-2015-4000, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1793 and CVE-2015-1792).
• Fixed a CGI vulnerability that could lead to unauthorized execution of arbitrary codes by remote users.
• Fixed the Logjam vulnerability (CVE-2015-4000) in Apache, ProFTPD, and OpenVPN.
• Fixed XSS vulnerabilities for the “Edit Account Profile” page, File Station, Syslog Viewer and System Connection Logs.
• Fixed the POODLE vulnerability (CVE-2014-3566) in ProFTPD.
• The system fails to convert between UIDs and GIDs from DCs and AD DCs.
• The system fails to initiate the Smart Fan when HDDs are overheating.
• RAM usage abnormally spikes when domain users log in and log out.
• The system fails to load Pixlr Editor.
• The system fails to fetch the directory ID for folder permissions in File Station.
• The system does not show the correct message after users manually stop LUN snapshot tasks.
• The system fails to sync the recycle bins between the source and destination in a RTRR task.
• The system fails to fetch the entire IP address when users share files in File Station.
• The system fetches an incorrect photo timestamp.
• The system fails to store data in the correct location, causing ram disk full errors when using Twonky Media server.
• The system fails to identify special characters (ex. @#$) in domain group names.
• The system fails to fetch passwords if they contain “<” (ex. H
• The system fails to identify a local IP, causing file sharing to fail in File Station if users log in from a non-gateway LAN port.
• The system rebuilds shared folders each time the folder property is changed, causing File Station to hang.

Enhancement

• Support the write cache emulation option in iSCSI to improve performance.

Note

• We recommend that you upgrade PHP to the latest version by downloading it from the App Center since this version addresses multiple vulnerabilities. To ensure reliability, users should check for compatibility before upgrading.
• We recommend that you upgrade MySQL to the latest version by downloading QMariaDB from the App Center since this version addresses multiple vulnerabilities. To ensure reliability, users should check for compatibility before upgrading.