QNAP Releases Qfix 1.0.1 to Path GNU Bash Vulnerability
QNAP Systems, Inc. today released the Qfix 1.0.1 patch for its Turbo NAS lineup to address the GNU Bash Environment Variable Command Injection Vulnerability (CVE-2014-6271, CVE-2014-7169, CVE-2014-6277, CVE-2014-6278, CVE-2014-7186, and CVE-2014-7187), also known as "Shellshock," that can allow attackers to gain remote control over UNIX/Linux-based systems.
QNAP has previously released QTS version 4.1.1 Build 0927 to resolve CVE-2014-6271 and CVE-2014-7169. With Qfix 1.0.1 more vulnerabilities including CVE-2014-6277, CVE-2014-6278, CVE-2014-7186, and CVE-2014-7187 are now resolved. Users are strongly urged to immediately install Qfix 1.0.1 on their Turbo NAS.
QNAP has previously released QTS version 4.1.1 Build 0927 to resolve CVE-2014-6271 and CVE-2014-7169. With Qfix 1.0.1 more vulnerabilities including CVE-2014-6277, CVE-2014-6278, CVE-2014-7186, and CVE-2014-7187 are now resolved. Users are strongly urged to immediately install Qfix 1.0.1 on their Turbo NAS.