Synology released DSM 6.1.3–15152 Update 5 on September 25, 2017 which contains two bluetooth related security updates, in addition to fixing six other issues. If you don’t have a bluetooth dongle on your NAS the security vulnerabilities don’t affect you.
One of the fixes (#5 listed below) could impact you if QuickConnect is enabled since updates may not be verified. This is mitigated by the requirement that your update process would need to be re-directed to a malicious update server.
This update will immediately reboot the NAS when it is applied.
I have applied it to a DS1815+, DS716+, DS415+ and a DS1511+ without having any issues. The following fixes are included in the update according to Synology.
* The update is expected to be available for all regions within the next few days, although the time of release in each region may vary slightly.
* This update will restart your Synology NAS.
1. Enhanced monitor mechanism of drive temperatures.
2. Enhanced compatibility of certain drives.
3. Improved the healing mechanism for possible cache device errors.
4. Enhanced file system stability by backporting Kernel updates.
5. Fixed an issue where DSM might not check updates properly when QuickConnect is enabled.
6. Enhanced the stability of DSM startup.
7. Fixed a security vulnerability regarding Bluetooth dongle (CVE–2017–1000250).
8. Fixed a security vulnerability regarding Linux kernel (CVE–2017–1000251). This is sometimes referred to as the Blueborne vulnerability.