Security Updates for DSM 5 and DSM 6

Synology released updates for both DiskStation Manager 5 and DiskStation Manager 6 with security-related fixes. The DSM 5 update had one patch while the DSM 6 update killed several bugs. Also note, while there’s no official word from Synology, it looks like the update for DSM 6 may have been pulled back.

The main focus of these patches is to fix the Badlock vulnerability, which was shamelessly hyped. It’s not as bad as the lead-up made it sound, but it still needs to be patched. It’s less important in home or small networks where everyone is trusted (or already has complete access). Someone already needs access to your local network in order to exploit the vulnerability.

DiskStation Manager 5

DSM 5 is updated to version 5.2-5644-8. This fixed a security vulnerability regarding Samba file service (CVE-2016-2118, also known as Badlock).

A reboot is not required but the Windows File Service was restarted, resulting in a temporary loss of access to the shares.

DiskStation Manager 6

(Note: the release notes for this release seem to have vanished. There have also been forum posts saying that the update is no longer available in autoupdate. Synology may have pulled this update.)

DSM 6 is updated to DSM 6.0-7321 Update 1 (aka 6.0-7321-1) with the following fixes:

  1. Improved the stability when connecting via AFP protocol.
  2. Fixed a security vulnerability regarding Samba file services (CVE-2016-2118, also known as Badlock).
  3. Fixed an issue where a false-alarm warning about unexpected file changes occurs when saving files in Office Excel 2003.
  4. Fixed an issue where Docker DSM might be terminated even when valid licenses are imported.
  5. Fixed multiple issues that might cause iSCSI service to hang under heavy loading and performing VMware VAAI commands.
  6. Fixed an issue where VLAN configuration changes could result in abnormal functions on some packages, e.g. Surveillance Station.
  7. Fixed an issue where the DSM title and welcome messages will be reset to default if users set it to blank.
