[English]Der Hersteller QNAP hat kurz vor Weihnachten ein Firmware-Update für sein QTS 5 freigegeben. Das Update schließt einige Schwachstellen. Zudem wurde eine log4j-Schwachstelle in QNAP-Software gemeldet. Weiterhin leidet die Nutzerschaft von QNAP NAS-Laufwerken aktuell wohl an Cyber-Angriffen.
Anzeige
QTS 5.0.0.1891 build 20211221
Blog-Leser Stefan K. hat mich am 24.12.2021 per E-Mail kontaktiert. Er hat über die Feiertage IT-Bereitschaftsdienst und ist dadurch auf ein Firmware-Update aufmerksam geworden. Stefan schrieb mir:
Guten Abend Herr Born,
ich habe über die Feiertage Bereitschaft und mir ist gerade ein
Firmware-Update von QNAP unter die Augen gekommen, welches gleich eine
ganze Latte an Sicherheitslücken patched.Es geht im die Version QTS 5.0.0.1891 build 20211221. In den Release
Notes heißt es:[Security Updates]
– Fixed multiple security issues (CVE-2016-2124, CVE-2020-25717,
CVE-2020-25718, CVE-2020-25719, CVE-2020-25722, CVE-2021-3738,
CVE-2020-25721, and CVE-2021-23192).Vielleicht hilft die Info jemanden weiter.
Ihnen schöne Feiertage und einen guten Rutsch ins neue Jahr!
Mit freundlichen Grüßen
Stefan K
Zur QTS 5.0.0.1891 build 20211221 vom 23.12.2021 heißt es in den Release Notes:
QTS 5.0.0.1891 build 20211221 2021-12-23
Important Notes
- Using SSD cache in earlier QTS 5.0.0 versions might cause data corruption issues. We have fixed all identified issues in this release. Important: If you discover suspicious symptoms on your device, DO NOT run a file system check in Storage & Snapshots. To learn more about the circumstances, impacts, and solutions, see our Technical Advisory: https://www.qnap.com/en/technical-advisory/tec-202112-01
- Removed support for USB printers.
- To ensure data security, system stability, and storage performance, the maximum number of drives for a single RAID group is now 16 (applicable to RAID 5, RAID 6, and subgroups of RAID 50 and RAID 60). Nevertheless, users can combine multiple RAID groups into a large storage pool that contains more than 16 drives, using RAID 50, RAID 60, or RAID 10 as the RAID configuration. This enhancement will only be applied to new RAID groups. All existing RAID groups and storage systems will not be affected.
- For the status of QTS updates and maintenance for your NAS model, visit https://www.qnap.com/en/product/eol.php
Security Updates
- Fixed multiple security issues (CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719, CVE-2020-25722, CVE-2021-3738, CVE-2020-25721, and CVE-2021-23192).
Fixed Issues
- File Station would stop uploading files when uploading multiple large files at the same time. (Normally, File Station only uploads one file at a time while other files wait in a queue.)
- Domain users in Active Directory distribution groups could not access NAS shared folders after the NAS joined an Active Directory domain.
- Download jobs in Download Station would stop when users switched VPN connection from one client to another in QVPN.
- The LAN-10G2SF-MLX (10 GbE Mellanox network expansion card) would stop working after firmware update to QTS 5.0.0.
- Users occasionally could not open a shared folder in Snapshot Manager.
- QTS would not free up storage space after users removed Snapshot Vault from the NAS.
- Users could not extract RAR archive files in SMB shared folders.
- A file system issue (EXT4 error) might occur when users enabled SSD cache and then restarted the NAS while performing input/output operations.
- On the TS-453BT3, Network & Virtual Switch would not display certain information in the Overview section.
- On the TS-h1886XU-RP, QTS could not detect the M.2 SSD installed on the QM2-2P-384 expansion card if the QM2 was installed on PCIe Slot 4.
- Files in media folders would occasionally disappear after firmware update to QTS 5.0.0.
- The TS-853DU-RP and TS-1232PXU-RP could not detect the QXG-10G2T-X710 network expansion card after firmware update to QTS 5.0.0.
- On the TS-x72, QTS would show an unexpected error message about EFI loader signature on the HDMI display upon NAS startup.
- Users could not obtain the latest app information when querying with an SNMP MIB browser.
- Users could not use the TCP port 443 for web service if the UDP port 443 was reserved for another service. (Normally, users should be able to use the same port number for both TCP and UDP without conflicts.)
- Users could not disable Service Binding for iSCSI service after enabling Service Binding in QTS 4.5.4 and then updating QTS to 5.0.0. (Note: Starting from QTS 5.0.0, Service Binding no longer supports iSCSI service.)
- Connected external devices would automatically disconnect from the NAS after a long idle time.
- HDDs could not enter disk standby mode when the specified idle time was reached.
- A data corruption issue might occur when the usage of SSD cache was over 2 TB.
- File upload speeds via SMB were slower than expected after users created SSD cache.
- NAS A could not resolve required domain information when joining a domain if NAS B served as the domain controller.
Known Issues
- Twonky Server cannot function normally on the TS-h973AX running the latest versions of QTS.
- Some applications cannot access the NAS when secure connection and TLS 1.3 are enabled. This is due to a known issue in the applications. We will fix this issue in upcoming app releases.
- macOS Finder takes a long time to display content in SMB shared folders when users connect the Mac to the NAS via Thunderbolt. This problem may be due to Mac device driver issues. It only occurs to Mac devices with Intel processors and macOS 11 (or later versions).
- Thunderbolt write speeds are lower than expected in QTS 5.0.0. Note: Due to Thunderbolt driver compatibility issues, if you are using macOS 11/12 devices with Intel processors, we do not recommend updating QTS to 5.0.0 for the time being.
- QTS and QuTS hero with newer kernel versions do not support ATTO Fibre Channel adapters. If you have already installed an ATTO Fibre Channel adapter on your device, we do not recommend updating the firmware to QTS 5.0.0 or QuTS hero h5.0.0 for the time being.
- Control Panel cannot display the information of the TPU installed in the M.2 slot on the QGD-1602P.
- After users rename a shared folder, QuLog Center still displays the original folder name in Accessed Resources.
- The WordPress folder would disappear from the NAS Web Folder after users updated QTS to 5.0.0 and WordPress to 5.7.2. (WordPress could not keep the previous settings during the update.)
- On certain ARM-based models, non-administrator users cannot access subfolders in the @Recently-Snapshot folder when advanced shared folder permission settings are enabled.
- A file system issue (EXT4 error) might occur when users disabled or removed SSD cache after using SSD cache.
Other Changes
SSD Profiling Tool
- QTS no longer pre-installs SSD Profiling Tool by default. Users can install this tool in the App Center.
Control Panel
- Replaced SQL Server with MariaDB 5/MariaDB 10, which can be installed in the App Center.
- Removed iSCSI Service from Service Binding in Control Panel. Users can now configure iSCSI service binding settings in iSCSI & Fibre Channel.
Qboost
- Qboost is no longer a built-in application of QTS. Users can choose to install Qboost in App Center.
App Center
- To ensure system security, QTS now automatically disables applications that are not updated and that do not meet the minimum version requirements.
- Removed support for the following applications, utilities, or services:
- WebERP
- GLPI
- Vtiger CRM
- Ragic Cloud DB
QVR Pro Client & QVR Smart Client
- Starting from QTS 5.0.0, HybridDesk Station no longer supports QVR Pro Client (HDMI output). You can install QVR Smart Client on HybridDesk Station as the client software for your QVR Pro, QVR Elite, or QVP surveillance servers. Note that QVR AI Pack License is required for using QVR Smart Client. You can continue using QVR Pro Client on Windows or macOS as the client software for your surveillance servers to watch live views or play back recordings.
NVR Storage Expansion
- Starting from QTS 5.0.0, NVR Storage Expansion is no longer supported.
Angriffe auf QNAP-Geräte
Zudem bin ich aktuell auf den nachfolgenden Tweet gestoßen, der anhaltende Angriffe auf QNAP-Geräte berichtet.
Anzeige
Vom 23.12.2021 gibt es noch eine Aktualisierung der Sicherheitsmeldung QSA-21-58, die sich mit der Apache Log4j-Library und den Schwachstellem CVE-2021-44228 | CVE-2021-45046 | CVE-2021-45105 | CVE-2021-4104 befasst-
Anzeige
Bezüglich Log4j ist die entscheidende Information, dass die QNAP Geräte nicht von dieser Sicherheitslücke betroffen sind, sofern man nicht irgendwelche 3rd-Party Anwendungen installiert hat.
Ein System fährt nach dem Pre-Reboot nicht mehr hoch, ein anderes meldet 3 von 3 beschädigte Dateisysteme nach der Softwareinstallation (und das obwohl alle Dateisysteme unmounted waren und die Dienste vorher sauber beendet wurden).
Der Scheiß ist einfach Rotz.