Firmware update: QNAP TS-xx0/xx2/xx9 4.1.4 build 0804

QNAP has released an update to version 4.1.4 of the firmware included on various models of its NAS devices. In the most recent version, among other things, the option to install NAS via an HDMI connection has been added and the firmware can better handle external hard drives with an NTFS or HFS+ format. This update includes several security vulnerabilities and bug fixes. Furthermore, QNAP recommends updating PHP and MySQL from the App Center to the latest versions.

Bug Fixes

• Fixed PPP vulnerabilities (CVE-2015-3310, CVE-2014-3158).
• Fixed OpenSSL vulnerabilities (CVE-2015-4000, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1793 and CVE-2015-1792).
• Fixed a CGI vulnerability that could lead to unauthorized execution of arbitrary codes by remote users.
• Fixed the Logjam vulnerability (CVE-2015-4000) in Apache, ProFTPD, and OpenVPN.
• Fixed XSS vulnerabilities for the “Edit Account Profile” page, File Station, Syslog Viewer and System Connection Logs.
• Fixed the POODLE vulnerability (CVE-2014-3566) in ProFTPD.
• The system fails to convert between UIDs and GIDs from DCs and AD DCs.
• The system fails to initiate the Smart Fan when HDDs are overheating.
• RAM usage abnormally spikes when domain users log in and log out.
• The system fails to load Pixlr Editor.
• The system fails to fetch the directory ID for folder permissions in File Station.
• The system does not show the correct message after users manually stop LUN snapshot tasks.
• The system fails to sync the recycle bins between the source and destination in a RTRR task.
• The system fails to fetch the entire IP address when users share files in File Station.
• The system fetches an incorrect photo timestamp.
• The system fails to store data in the correct location, causing ram disk full errors when using Twonky Media server.
• The system fails to identify special characters (ex. @#$) in domain group names.
• The system fails to fetch passwords if they contain “<” (ex. H
• The system fails to identify a local IP, causing file sharing to fail in File Station if users log in from a non-gateway LAN port.
• The system rebuilds shared folders each time the folder property is changed, causing File Station to hang.

Enhancement

• Support the write cache emulation option in iSCSI to improve performance.

note

• We recommend that you upgrade PHP to the latest version by downloading it from the App Center since this version addresses multiple vulnerabilities. To ensure reliability, users should check for compatibility before upgrading.
• We recommend that you upgrade MySQL to the latest version by downloading QMariaDB from the App Center since this version addresses multiple vulnerabilities. To ensure reliability, users should check for compatibility before upgrading.