QNAP Releases System Updates to Fix Heartbleed OpenSSL Vulnerability


QNAP Releases System Updates to Fix Heartbleed OpenSSL Vulnerability

QNAP has announced firmware updates for Turbo NAS systems with vulnerability to the OpenSSL Heartbleed bug (CVE-2014-0160).

The operating systems vulnerable to Heartbleed are QTS versions 4.0 and 4.1. Versions 3.8 and earlier use a different version of OpenSSL and are not affected by the OpenSSL Heartbleed bug. As described on the Common Vulnerabilities and Exposures website, the OpenSSL 1.0.1 TLS and DTLS implementation, before 1.0.1g, does not properly process Heartbeat Extension packets which allow remote attackers to obtain sensitive information by reading private keys (aka the Heartbleed bug).

To obtain the system updates (QTS 4.0.7 and QTS 4.1.0 RC2) with recompiled OpenSSL, either download from here or have your Turbo NAS perform a live update via the QTS control panel.

Presently, most top websites like Google, Facebook, YouTube, Pinterest, and Wikipedia, are free of the Heartbleed vulnerability. However, some 20,000 websites are still susceptible. You can change your passwords at the websites mentioned in this list, if you haven't done so.

All News Categories

News for Past 12 Months

Subscribe to HWZ Here!

Subscribe now to receive latest tech news, articles and promotions straight to your inbox!
 
 
By signing up, you indicate that you have read and agreed to the and .