Hi,
Es gibt mal wieder ein Update.... DL wie immer bei qnap.de>support>downloadcenter
QTS 4.2.4 Build 20170313
[Bug fixes]
- Fixed an issue where an error message would appear when the Docker Certificate expired due to users manually setting the time forward.
- Fixed an issue where RTRR FTP backup jobs would not accept passwords that contained more than 16 characters.
- Fixed an issue where users could not upload files larger than 4 GB in File Station when using Internet Explorer 11.
- Fixed an issue where bluetooth devices would disappear from the device list after Container Station was installed and enabled.
- Fixed an issue where users could not connect a Mac to the NAS when using L2TP/IPsec VPN service.
- Fixed an issue where the System Logs would incorrectly display VPN connections as PPTP when PPTP was enabled.
- Fixed an issue where unexpected errors would occur when key combinations were used consecutively in HybridDesk Station.
- Fixed an issue where users could not use Affinity Photo to edit the photos in NAS shared folders mounted on OS X via AFP.
- Fixed an issue where the system would not automatically check for available firmware updates when users logged in after setting the date format as DD/MM/YYYY.
- Fixed a configuration file vulnerability that could be exploited to compromise the security of sensitive data. (CVE-2017-5227)
- Fixed an Apache HTTP Server vulnerability that could be exploited to deny requests to a server. (CVE-2016-8740)
- Fixed a stack overflow vulnerability that could be exploited to gain control of the EIP register.
- Fixed a SQL injection vulnerability that could be exploited to execute arbitrary SQL commands
- Fixed a command injection vulnerability in transcoding that could be exploited to execute unauthorized commands.
- Fixed a heap overflow vulnerability.
- Fixed a cross-site scripting vulnerability that could be exploited to inject arbitrary JavaScript commands.
- Fixed 2 stack overflow vulnerabilities that could be exploited to cause segmentation faults and gain control of the EIP register.
- Fixed a command injection vulnerability in transcoding that could be exploited to gain the administrator privileges and execute unauthorized commands
- Fixed a command injection vulnerability that could be exploited to gain the administrator privileges and execute unauthorized commands. (CVE-2017-6361)
- Fixed a command injection vulnerability that could be exploited to gain the administrator privileges and execute unauthorized commands. (CVE-2017-6359)
- Fixed an access control vulnerability that would incorrectly restrict authorized user access to resources.
- Fixed 2 stack overflow vulnerabilities.