QNAP Releases System Updates to Fix Heartbleed OpenSSL Vulnerability

QNAP® Systems Inc. today announced firmware updates for Turbo NAS systems with vulnerability to the OpenSSL Heartbleed bug (CVE-2014-0160). The operating systems vulnerable to Heartbleed are QTS versions 4.0 and 4.1. Versions 3.8 and earlier use a different version of OpenSSL and are not affected by the OpenSSL Heartbleed bug.

As described on the Common Vulnerabilities and Exposures website, the OpenSSL 1.0.1 TLS and DTLS implementation, before 1.0.1g, does not properly process Heartbeat Extension packets which allow remote attackers to obtain sensitive information by reading private keys (aka the Heartbleed bug).

“We strongly urge users of vulnerable Turbo NAS systems to update their firmware,” said Jason Hsu, Product Manager of QNAP. “Users are also recommended to contact their SSL providers to regenerate their SSL CSR/keys for server protection.”

To obtain the system updates (QTS 4.0.7 and QTS 4.1.0 RC2) with recompiled OpenSSL, please download from http://www.qnap.com/i/en/product_x_down/ or have your Turbo NAS perform a live update via the QTS control panel.

For more information, please contact us at http://helpdesk.qnap.com/

About Joe D

I have always had a passion for everything computing. In early 2000, I decided to take my passion to the web. Thus, C.O.D. was born. Through the years we have made many great friends at C.O.D. and hope to continue our journey for years to come.

Check Also

QNAP Launches AMD-powered 10GbE TS-x63U

QNAP® Systems, Inc. today announced the new business-class AMD-powered quad-core TS-x63U series NAS; available in 4, 8 and 12-bay models with single and redundant power supply options. The TS-x63U series provides 10GbE network connectivity with its single-port SFP+ network adapter, and supports bridging 1GbE devices to a 10GbE network with its four built-in GbE interfaces. Coupled with an AES-NI hardware-accelerated encryption engine, SSD cache support, and flexible scalability; the TS-x63U series is ideal for SMBs looking for backup, restoration, virtualization storage, private cloud, and to future-proof their IT infrastructure for 10GbE networks.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.