Synology released Update 2 for DSM 5.2 earlier today. I’ve applied it to four Disk Stations without a problem. (DS1815+, DS415+, DS1511+, DS212+) The update does reboot the Synology NAS and typically takes less than 10 minutes to install, including that reboot.
As part of the release notes for Update 2 Synology says:
A thorough investigation has been done, and it is confirmed that DSM and its related packages are not impacted by the LogJam vulnerability because of the way Synology implements OpenSSL in our system.
So, this update is not needed for this vulnerability. There are some kernel vulnerability fixes included although these were mainly vulnerable to local users. Still, security fixes should be installed as soon as possible.
Synology says Update 2 has the following fixes:
- Improved the stability of SHR expansion.
- Improved the stability of SMB transfer when the system is being accessed by an excessive number of clients.
- Fixed multiple kernel vulnerabilities (CVE-2014-3122, CVE-2014-3153, CVE-2014-0196, and CVE-2014-4699).
- Fixed an issue where CPU usage could remain high when widget is enabled.
- Fixed an issue where LDAP users could fail to log in to DSM.
- Fixed an issue where files could not be downloaded via Windows’ terminal.
- Fixed an issue where system cannot enter hibernation.
- Fixed an issue where some folders with non-English names would become inaccessible via SMB.
- Fixed an issue where volumes/iSCSI LUN cannot be displayed after the Synology High Availability system resumes from safe mode with UPS connected.