New Release - My Cloud EX2 Firmware Release 2.12.127 (01/8/19)

My Cloud OS 3 Personal & Network Attached Storage My Cloud EX2
1

WD is happy to release the My Cloud EX2 firmware version 2.12.127.

2.12.127 Release Notes

Security Fixes

• Resolved multiple command injection vulnerabilities including CVE-2016-10108 and CVE 2016-10107.
• Resolved multiple cross site request forgery (CSRF) vulnerabilities.
• Resolved a Linux kernel Dirty Cow vulnerability (CVE-2016-5195).
• Resolved multiple denial-of-service vulnerabilities.
• Improved security by disabling SSH shadow information.
• Resolved a buffer overflow issue that could lead to unauthenticated access.
• Resolved a click-jacking vulnerability in the web interface.
• Resolved multiple security issues in the Webfile viewer on-device app.
• Improved the security of volume mount options.
• Resolved multiple security issues in the EULA onboarding flow.
• Resolved leakage of debug messages in the web interface.
• Improved credential handling for the remote MyCloud-to-MyCloud backup feature.
• Improved credential handling for upload-logs-to-support option.

Components Updated

• Apache -v2.4.34
• PHP -v5.4.45
• OpenSSH -v7.5p1
• OpenSSL -v1.0.1u
• libupnp -v1.6.25 (CVE-2012-5958)
• jQuery -v3.3.1 (CVE-2010-5312)

Other Bug Fixes

• Resolved high CPU utilization with ufraw-batch process.
• Improved remote host port handling

2.11.169 Release Notes

Resolved Issues:

  • Resolved security vulnerability (CVE-2017-17560) - Unauthorized access to multipart upload functionality.
4

strange that when I click update firmeware from within the admin menu that it tells me I’m up to date. I am running 2.11.178.

5

What is going on here WD???
The Topic title has Release 2.12.127 (01/8/19) and the topic was “pinned” JAN 12, '18.

My WDEX2 is on 2.11.178 and says there is no new firmware. This firmware downloads to my device but hangs at “Updating” and does not install.

SOMEONE FROM WD NEEDS TO REPLY HERE.

6

Same here, version 2.11.178 stated as latest version on my two units. I managed to update it following manual process.

7

I also was able to do manual install; very frustrating to not have the EX2 Dashboard itself not recognize when a new release has been made. Frustration compounded with WD Tech support doesn’t respond to reasonable queries like these on their own postings. What’s use of the support portal if no support is provided, one can’t help but wonder.

9

You forgot to solve the CVE-2004-0113
This update was not found by the NAS. It´s needed to search manually.

image
image915×572 203 KB