DiskStation Manager 6 received both Update 5 and Update 6 today. This rather strange occurrence, two updates in one day, appears to be because an official security patch was released after some mitigation had been applied in the pending update. My guess is Synology did’t know when the patch was coming out but wanted to get the security vulnerabilities mitigated as soon as possible, so used an unofficial workaround. The the official patch was released and they used it to replace their workaround.
These updates include patches for security vulnerabilities so updating as quickly as possible is recommended.
I update the following models without any immediate issues, although a reboot was required: DS212+, DS214Play, DS415+, DS1511+, DS716+, DS1815+.
DiskStation Manager 6 Update 6
The second update, but the only one you’ll see mentioned in the update section is version 6.0-7321-6 (aka Update 6). This replaces item 10 in the Update 5 fix list.
- Applied the enhanced official workaround to mitigate multiple vulnerabilities of ImageMagick module (CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, CVE-2016-3718).
DiskStation Manager 6 Update 5
Although you’ll never see it listed in the update section of DSM, the first, and bigger update is version 6.0-7321-5 (aka Update 5)
- Upgraded NTP to 4.2.8p7 to address multiple vulnerabilities (CVE-2016-1547, CVE-2016-1548, CVE-2016-1549, CVE-2016-1550, CVE-2016-1551, CVE-2016-2516, CVE-2016-2517, CVE-2016-2518, CVE-2016-2519).
- Upgraded OpenSSL to 1.0.2h to address multiple vulnerabilities (CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176).
- Enhanced the compatibility of Synology NAS with Hyper-V exports.
- Fixed an issue where adding ACL permissions or changing file owner would fail in Windows via SMB.
- Fixed an issue where iSCSI ACL could not access LUNs properly.
- Fixed an issue where editing shared folders would fail when shared folder netlogn/sysvol existed.
- Fixed an issue where channel scan could not be performed on entry Marvell models with certain DVB-T dongles.
- Fixed an issue where LUNs could not be backed up to an external SATA device.
- Fixed an issue where iSCSI service might cause a system crash in a VMware environment under heavy load.
- Before the official patch is released, workaround is applied to mitigate multiple vulnerabilities of ImageMagick module (CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, CVE-2016-3718).