Firmware Version 4.1.414.34909 for px4

Firmware Update
LenovoEMC End of Service Life - Refer to this page for more information

Technical support, service, and security updates for this device will end March 31, 2020

Version 4.1.414.34909 is the latest LifeLine firmware release for px4-400r network storage devices. This update is recommended for all px4-400r devices. This article provides instructions on how to download and install the firmware update.

Changes In Version 4.1.414.34909 - Release Date 03/06/2020

  • Addresses several security vulnerabilities

LenovoEMC strongly recommends that all users download and install this firmware update to ensure the security of their network storage device.

For information on changes in previous releases, see the Version History section below.

NOTE: If you encounter an authentication failure for the media server after applying this update, refer to Answer ID 34887 for instructions on how to reset the media server username and password.

Update Instructions

CAUTION!
This update is not data destructive, however, ALWAYS back up your data before performing any firmware update!
 
Once you have updated the firmware, you will NOT be able to revert to an older firmware version.

Application updates:
If you are updating from any version below 4.1.102, you need to update LifeLine applications after updating your device firmware. Refer to Answer ID 34790 for information on changes in application support with this firmware update.

Firmware Update Procedure:

  1. Download the b4b-4.1.414.34909.tgz file to your computer.
     
    Internet Explorer Users: When the file is downloaded with Internet Explorer, the file which shows as a .TGZ file, may be downloaded as a .GZ file. This is a product of file MIME types built into Internet Explorer. This file is still recognized by the device as an update file.
     
    Mac Users: Mac OS X will automatically try to decompress this file once it is downloaded. In most cases decompression will fail. This is normal. You will be using the compressed .tgz file for the installation. Do NOT try to decompress this file.
  2. Log in to the network storage device and navigate to the management console.
  3. Click on the System icon, then click on Software Updates .
  4. In the Add Software popup box, click Browse... and select the b4b-4.1.414.34909.tgz file.
  5. Click on Upload and allow the file to upload to your device.
  6. When the update is uploaded to the network storage device, the Status column will say Ready to apply .
  7. Click Apply all pending updates to apply the update or updates. The firmware update will be applied to your device. If you want to remove the update without applying changes, click the trash can icon the Action column.
     
    CAUTION! Do not shut down or restart the device during the update process as this can damage the device. The software update will temporarily make the device inaccessible. Be sure no critical files are being accessed.
  8. If the device does not reboot automatically after completing the update, please reboot manually.
  9. Clear the cache on your browser before accessing the management interface for your device.

Download Instructions

Click the link below to download the firmware update file:

 
b4b-4.1.414.34909.tgz File Size: 276 MB
      md5sum : c89bb29eda628ef7b0645bc324e77d30
SHA1 : f34fc68c6e8d72f516a8de4cace726a89367170c
SHA256 : 8746f30609d7c9fd9fb10ca3d01bbefa23c8a10ded82fcfd471cc9acda7a46b7

NOTE: The 'Lenovo NAS Photo Upload Service' for Facebook is no longer supported due to Facebook restrictions.

NOTE: Facebook and Flickr applications will not function correctly with firmware versions prior to 4.1.306. After upgrade to version 4.1.306 Facebook and Flickr shares need to be reconfigured.

NOTE: This upgrade will break SecureMind SDK Application. Refer to Answer ID 35169 for more information.

NOTE: For the open source code associated with this firmware, click here .

NOTE: LSM 1.4.8.33485 is mandatory to detect and manage network storage devices running LifeLine 4.1.114 or above, click here .

Version History — Previous Firmware Releases

Version 4.1.412.34888 - Release date 12/11/2019

  • Added option to enable/disable 'SMB Server Signing' in 'Windows File Sharing' protocol

Version 4.1.410.34865 - Release date 10/16/2019

  • Addresses several security vulnerabilities in OpenSSL, Samba, FTP.

Version 4.1.408.34845 - Release date 07/17/2019

  • Upgraded Samba to 4.9.3
  • Addresses security vulnerability in Netatalk (CVE-2018-1160)
  • Minor bug fixes

Version 4.1.406.34763 - Release date 11/15/2018

  • Upgraded Amazon S3 to 2.0.2
  • Addresses security vulnerability in Samba (CVE-2018-1139)
  • Addresses several security vulnerabilities in OpenSSH (CVE-2018-15473, CVE-2018-15919)
  • Minor bug fixes

Version 4.1.404.34716 - Release date 09/19/2018

  • Addresses security vulnerability in OpenSSL (CVE-2018-0732)
  • Addresses security vulnerability in CVE-2018-9074, CVE-2018-9075, CVE-2018-9076, CVE-2018-9077, CVE-2018-9078, CVE-2018-9079, CVE-2018-9080, CVE-2018-9081, CVE-2018-9082
  • Minor bug fixes

Version 4.1.402.34662 - Release date 07/11/2018

  • Upgraded Samba to 4.7.7
  • Addresses security vulnerability in OpenSSL (CVE-2018-0739)
  • Minor bug fixes

Version 4.1.312.34560 - Release date 04/18/2018

  • Addresses security vulnerability in OpenSSH (CVE-2016-10708)
  • Addresses security vulnerability in libcurl (CVE-2018-1000007)
  • Addresses security vulnerability in Linux Kernel (CVE-2017-17558)
  • Addresses security vulnerability in Curl (CVE-2018-1000122)
  • Minor bug fixes

Version 4.1.310.34505 - Release date 02/28/2018

  • Addresses several security vulnerabilities in rsync (CVE-2017-16548, CVE-2017-17434, CVE-2017-17433, CVE-2018-5764)
  • Addresses several security vulnerabilities in libxml2 (CVE-2017-16932, CVE-2017-16931)
  • Addresses several security vulnerabilities in Samba (CVE-2017-14746, CVE-2017-15275)
  • Addresses security vulnerability in OpenSSL (CVE-2017-3737)
  • 'CBC ciphers' disabled by default in SSH Server
  • Minor bug fixes

Version 4.1.308.34385 - Release date 11/13/2017

  • Addresses security vulnerability in eglibc (CVE-2017-8804)
  • Addresses security vulnerability in libgcrypt (CVE-2017-7526)
  • Addresses security vulnerability in OpenSSL (CVE-2017-3735)
  • Updates Samba from 4.5.3 to 4.5.14 for Several security vulnerabilities
  • Minor bug fixes

Version 4.1.306.34329 - Release date 08/10/2017

  • Addresses security vulnerabilities in OpenSSL (CVE-2017-3732)
  • Addresses security vulnerabilities in Apache2 (CVE-2017-3169, CVE-2017-7679)
  • Addresses SHA-1 deprecation in Krb5
  • Modify Flickr feature to support new authentication (OAuth2)
  • Minor bug fixes

Version 4.1.304.34286 - Release date 06/28/2017

  • Addresses security vulnerability in SAMBA (CVE-2017-7494)
  • Addresses security vulnerability in mt-dappd (CVE-2007-5825)
  • Addresses several security vulnerabilities in NFS (CVE-2017-7645, CVE-2017-7895)
  • Minor bug fixes

Version 4.1.302.34230 - Release date 03/27/2017

  • Upgraded Samba to 4.5.3.
  • Upgraded Netatalk to 3.1.10.
  • Updated iscsi-scst, scstadmin and scst packages to 3.1.0.
  • Upgraded SmartCtl tool.
  • Addresses several security vulnerabilities in libupnp (CVE-2016-6255, CVE-2016-8863)
  • Addresses security vulnerability in NET-SNMP (CVE-2015-5621)
  • Addresses security vulnerability in libcurl (CVE-2016-7141)
  • Minor bug fixes.

Version 4.1.218.34037 - Release date 01/10/2017

  • Addresses Kernel security vulnerability (CVE-2015-8962)
  • Addresses security vulnerabilities in Curl(CVE-2016-8618, CVE-2016-8624).
  • Minor bug fixes.

Version 4.1.216.33998 - Release date 11/09/2016

  • Addresses security vulnerabilities in OpenSSL(CVE-2016-2182, CVE-2016-6304, CVE-2016-6305, CVE-2016-6303, CVE-2016-6302, CVE-2016-2182, CVE-2016-2179, CVE-2016-2181, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308, CVE-2016-6309, CVE-2016-7052).
  • Updated iscsi-scst, scstadmin and scst packages to 3.1.0.
  • Minor bug fixes.

Version 4.1.214.33935 - Release date 09/28/2016

  • Addresses security vulnerabilities in OpenSSL(CVE-2016-6210).
  • Addresses security vulnerabilities in Curl(CVE-2016-5419, CVE-2016-5420, CVE-2016-5421).
  • Addresses security vulnerabilities in libgd2 (CVE-2016-5116; CVE-2016-5766; CVE-2016-6128; CVE-2016-6132; CVE-2016-6161; CVE-2016-6214).
  • Minor bug fixes.

Version 4.1.212.33882 - Release date 08/03/2016

  • Addresses security vulnerabilities in OpenSSL(CVE-2016-2177, CVE-2016-2178)
  • Addresses security vulnerabilities in glibc(CVE-2016-4429 , CVE-2016-3706)
  • Addresses security vulnerabilities in expat(CVE-2012-6702 CVE-2016-5300)
  • Addresses Kernel security vulnerability (CVE-2016-4485)
  • Fixes samba badblock regression issues.

Version 4.1.210.33855 - Release date 06/30/2016

  • Addresses several security vulnerabilities in OpenSSL (CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176)
  • Addresses POPPLER security vulnerability (CVE-2015-8868)
  • Minor bug fixes.

Version 4.1.208.33789 - Release date 05/23/2016

  • Addresses several security vulnerabilities in SAMBA (Badlock CVE-2016-2118; CVE-2016-0128).

Version 4.1.206.33777 - Release date 05/02/2016

  • Addresses several security vulnerabilities in Glibc (CVE-2015-1781, CVE-2015-7547)
  • Addresses OpenSSL DROWN security vulnerability (CVE-2016-0800)
  • Addresses several security vulnerabilities in TIFF, Kerberos, PNG, libssh.
  • Addresses several security vulnerabilities in SAMBA (CVE-2015-7560, CVE-2016-0771).
  • Addresses security vulnerabilities in Linux kernel (CVE-2016-2069, CVE-2016-0723)
  • Minor bug fixes.

Version 4.1.204.33661 - Release date 03/09/2016

  • Addressed several security vulnerabilities in Samba, OpenSSL and OpenSSH
  • Addressed SLOTH security attack on TLS 1.2 (CVE-2015-7575)
  • Secured access for NAS API from remote (Refer to Answer ID 35179 for more information.)
  • Upgraded to Twonky Media Server to v8.2 (Refer to Answer ID 35180 for more information.)
  • Minor bug fixes.

Version 4.1.202.33573 - Release date 01/06/2016

  • Addresses several security vulnerabilities in Glibc and Kerberos
  • Fix to Missing httpOnly Cookie Attribute
  • Updates OpenSSL from 1.0.1e-2+deb7u17 to 1.0.2d for Several security vulnerabilities
  • Improved Drive Management handling in case of disk failure.
  • Adds Samba 4.1 support.
  • Minor bug fixes.

Version 4.1.114.33421 - Release date 10/19/2015

  • Addresses “Bar Mitzvah” Attack for SSL/TLS.
  • Addresses several security vulnerabilities in CUPS.
  • Minor bug fixes.

Version 4.1.112.33292 - Release date 07/22/2015

  • Addresses Curl – allow remote proxy servers to obtain sensitive information (CVE-2015-3153).
  • Updates OpenSSL from 1.0.1e2+deb7u16 to 1.0.1e-2+deb7u17 for Several security vulnerabilities (CVE-2015-1789, CVE-2015-1789, CVE-2015-1792, CVE-2015-1791).
  • FTPS support (FTP/TLS).
  • Fix to Facebook and YouTube feature to support OAuth2.
  • Minor bug fixes.

Version 4.1.110.33149 - Release date 05/12/2015

  • Addresses Samba – Unexpected code execution in smbd (CVE-2015-0240) and other issue (CVE-2012-6150 ,CVE-2013-4408, CVE-2014-3560)
  • Updates OpenSSL from 1.0.1e2+deb7u13 to 1.0.1e-2+deb7u16 for Several security vulnerabilities (CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292)
  • Update Apache 2.4.7 to 2.4.12 to address HTTP 2.4.7 mod_proxy vulnerability (CVE-2014-0117)
  • Allow AD join to filter users and groups by Organization Unit
  • FTP issue with special characters.
  • Minor bug fixes.

Version 4.1.108.32627 - Release date 02/09/2015

  • Resolves a security vulnerability.

Version 4.1.106.31982 - Release date 12/03/2014

  • Addresses POODLE security vulnerability by removing support for SSLv3.
  • Addresses OpenSSL memory leak and DOS attack vulnerabilities (CVE-2014-3513, CVE-2014-3567, and CVE-2014-3568).
  • Secures access to media server settings.

Version 4.1.104.31360 - Release date 10/15/2014

  • Fixes Shellshock vulnerabilities (see Shellshock CVE list ). Refer to Answer ID 34789 for more information on Shellshock.
  • Updates OpenSSL from 1.0.1e2+deb7u6 to 1.0.1e2+deb12. See the OpenSSL CVE list for a complete list of CVE's fixed with this update.
  • Fixes issue with user ID mappings resulting from Samba 4 upgrade.

Version 4.1.102.29716 - Release date 07/15/2014

  • New user-friendly setup sequence.
  • NAS device is automatically secured during device setup.
  • Redesigned management interface.
  • New applications for px products, including Milestone Arcus with Interconnect and McAfee ePO
  • Adds Samba 4.0 support.
  • Drive Management improvements, including RAID recovery.
  • Security fixes.

See the release notes for additional details on changes in LifeLine version 4.1.102.29716. The release notes are available only in English.

Version 4.1.6.26800 - Release date 04/28/2014

  • Resolves the OpenSSL Heartbleed security vulnerability on px4-400r and px4-400r network storage devices

Please see Answer ID 33937 for information on the Heartbleed issue.

Version 4.1.4.24001 - Release date 02/13/2014

Version 4.1.2.20067 - Release date 01/03/2014

  • Initial firmware release for the px4-400r
(0)

相关推荐