• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

QNAP Releases System Updates to Fix Heartbleed OpenSSL Vulnerability

btarunr

btarunr

Editor & Senior Moderator
Staff member
Joined
Oct 9, 2007
Messages
46,356 (7.68/day)
Location
Hyderabad, India
System Specs
System Name RBMK-1000
Processor AMD Ryzen 7 5700G
Motherboard ASUS ROG Strix B450-E Gaming
Cooling DeepCool Gammax L240 V2
Memory 2x 8GB G.Skill Sniper X
Video Card(s) Palit GeForce RTX 2080 SUPER GameRock
Storage Western Digital Black NVMe 512GB
Display(s) BenQ 1440p 60 Hz 27-inch
Case Corsair Carbide 100R
Audio Device(s) ASUS SupremeFX S1220A
Power Supply Cooler Master MWE Gold 650W
Mouse ASUS ROG Strix Impact
Keyboard Gamdias Hermes E2
Software Windows 11 Pro
QNAP Systems Inc. today announced firmware updates for Turbo NAS systems with vulnerability to the OpenSSL Heartbleed bug (CVE-2014-0160). The operating systems vulnerable to Heartbleed are QTS versions 4.0 and 4.1. Versions 3.8 and earlier use a different version of OpenSSL and are not affected by the OpenSSL Heartbleed bug. As described on the Common Vulnerabilities and Exposures website, the OpenSSL 1.0.1 TLS and DTLS implementation, before 1.0.1g, does not properly process Heartbeat Extension packets which allow remote attackers to obtain sensitive information by reading private keys (aka the Heartbleed bug).



"We strongly urge users of vulnerable Turbo NAS systems to update their firmware," said Jason Hsu, Product Manager of QNAP. "Users are also recommended to contact their SSL providers to regenerate their SSL CSR/keys for server protection."

To obtain the system updates (QTS 4.0.7 and QTS 4.1.0 RC2) with recompiled OpenSSL, please download from this page, or have your Turbo NAS perform a live update via the QTS control panel.

View at TechPowerUp Main Site
 
You must log in or register to reply here.
Top