QNAP Updates

Important Notes

  • To ensure system functionality, after updating QTS to 4.3.6, please also update Container Station to 1.9 in App Center before enabling QVR Pro.
  • The RADVD service previously did not have an outgoing interface. Please reconfigure the RADVD service after upgrading.
  • Due to security concerns, support for "Wi-Fi ad-hoc mode" has been removed.
  • This QTS update changes the file system of the system partition to ext4 for ARM-based models with Annapurna Labs processors. For data security reasons, you are not able to downgrade QTS to a previous version after this update. Affected models: TS-131P, TS-231P, TS-431P, TS-531P, TS-231+, TS-431+, TS-231P2, TS-431P2, TS-431X, TS-431X2, TS-531X, TS-831X, TS-1231XU-RP, TS-1231XU, TS-831XU-RP, TS-831XU, TS-431XU-RP, TS-431XU, TS-431XeU, and TS-1635.
  • For the status of QTS updates and maintenance for your NAS model, visit https://www.qnap.com/en/product/eol.php
  • When QTS 4.3.x is installed on NAS models running on 64-bit Intel and AMD processors, some applications may not be supported. To check if installed apps on your NAS are compatible with QTS 4.3.x, download the QTS 64-bit compatibility tool and install it on your current QTS build. (https://download.qnap.com/QPKG/CF64_0.1-1114.qpkg.zip)
  • Below are the kernel versions for NAS models that are supported by QTS 4.3.6: (1) Kernel 3.10.20: TS-128, TS-228 (2) Kernel 3.2.26: TS-x31, TS-x31U (3) Kernel 4.2.8: all other models supported by QTS 4.3.6
  • Due to the limitations of future kernel updates, QTS 4.3.6 is the final available QTS update for the following NAS models: TS-EC1679U-SAS-RP, TS-EC1679U-RP, TS-1679U-RP, TS-EC1279U-SAS-RP, TS-EC1279U-RP, TS-1279U-RP, TS-1079 Pro, TS-EC879U-RP, TS-879U-RP, TS-1270U-RP, TS-870U-RP, TS-470U-RP, TS-470U-SP, TS-879 Pro, TVS-870, TS-870 Pro, TS-870, TVS-670, TS-670 Pro, TS-670, TVS-470, TS-470 Pro, and TS-470.
  • Due to the limitations of non-expandable memory capacity and 32-bit processor architecture, starting from QTS 4.3.6, the TS-128 and TS-228 no longer support Container Station and all the dependent applications, including Notes Station 3, Qcontactz, QcalAgent, AWS Greengrass, and QIoT Suite Lite.

Fixed Issues

  • Fixed a local security bypass vulnerability in ProFTPD (CVE-2017-7418).
  • Fixed a NULL pointer dereference vulnerability in ProFTPD (CVE-2019-19269).
  • Fixed an improper certificate validation vulnerability in ProFTPD (CVE-2019-19270).
  • Fixed a denial of service vulnerability in ProFTPD (CVE-2019-18217).
  • Fixed a NULL pointer dereference vulnerability in ProFTPD (CVE-2019-19272).
  • Fixed an improper certificate validation vulnerability in ProFTPD (CVE-2019-19271).
  • Fixed a use-after-free vulnerability in ProFTPD that could be exploited for arbitrary code execution (CVE-2020-9273).
  • Fixed an out-of-bounds read vulnerability in ProFTPD (CVE-2020-9272).
  • Fixed a UDP flood denial-of-service vulnerability in Samba Active Directory Domain Controller (AD DC).
  • Fixed a resource exhaustion vulnerability in Samba Active Directory Domain Controller (AD DC) (CVE-2020-10745).

Known Issues

  • When a TR-002 external RAID enclosure is connected to a USB 3.1 Gen2 port on the NAS, the bus type incorrectly appears as USB 3.0 in the QTS UI. This is a UI problem only; data will actually be transferred at USB 3.1 Gen2 speeds.
  • When data is being transferred to or from a QNAP external RAID enclosure, changes to the status of a degraded RAID group might not be visible immediately in Storage & Snapshots.
  • When an external RAID group is in degraded mode, its read/write performance will be greatly reduced.
  • A failed external RAID group may have the status "Unknown" instead of "Failed".