Obsessed with technology?
Subscribe to the latest tech news as well as exciting promotions from us and our partners!
By subscribing, you indicate that you have read & understood the SPH's Privacy Policy and PDPA Statement.
News
News Categories
QNAP Releases System Updates to Fix Heartbleed OpenSSL Vulnerability
By Joy Hou - on 21 Apr 2014, 10:38am

QNAP Releases System Updates to Fix Heartbleed OpenSSL Vulnerability

QNAP has announced firmware updates for Turbo NAS systems with vulnerability to the OpenSSL Heartbleed bug (CVE-2014-0160).

The operating systems vulnerable to Heartbleed are QTS versions 4.0 and 4.1. Versions 3.8 and earlier use a different version of OpenSSL and are not affected by the OpenSSL Heartbleed bug. As described on the Common Vulnerabilities and Exposures website, the OpenSSL 1.0.1 TLS and DTLS implementation, before 1.0.1g, does not properly process Heartbeat Extension packets which allow remote attackers to obtain sensitive information by reading private keys (aka the Heartbleed bug).

To obtain the system updates (QTS 4.0.7 and QTS 4.1.0 RC2) with recompiled OpenSSL, either download from here or have your Turbo NAS perform a live update via the QTS control panel.

Presently, most top websites like Google, Facebook, YouTube, Pinterest, and Wikipedia, are free of the Heartbleed vulnerability. However, some 20,000 websites are still susceptible. You can change your passwords at the websites mentioned in this list, if you haven't done so.


Obsessed with technology?
Subscribe to the latest tech news as well as exciting promotions from us and our partners!
By subscribing, you indicate that you have read & understood the SPH's Privacy Policy and PDPA Statement.