Synology Security Updates

Synology has recently released three security bulletins for vulnerabilities in three different packages. All the updates mentioned are available now for DSM 6.1 along with the DSM 6.2 beta.

Download Station (Synology-SA-17:62 Important: Wget update)

From the security bulletin:

Multiple security vulnerabilities have been found in Wget, and may allow man-in-the-middle attackers to execute arbitrary codes, or cause denial-of-service attack from a vulnerable version of Synology DiskStation Manager (DSM), Synology Router Manager (SRM), and Download Station.

Update Download Station to 3.8.7-3490 or above in order to patch this vulnerability.

Photo Station (Synology-SA-17:63 Moderate: Photo Station update)

From the security bulletin:

Multiple security vulnerabilities have been found in Photo Station, and may allow remote attackers to read arbitrary files, or obtain sensitive system information from a vulnerable version of Synology Photo Station.

Update Photo Station to 6.8.1-3458 or above to patch this vulnerability.

CardDAV (Synology-SA-17:64 Critical: CardDAV Server update)

From the security bulletin:

CVE-2017-15887 allows remote users to obtain system user accounts with brute-force attack from a vulnerable version of CardDAV Server.

Update CardDAV Server to 6.0.7-0085 or above to patch this vulnerability.
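
To check an inventory against the three fixed versions above, the following added example (not Synology's code) compares installed package versions numerically rather than as strings. It assumes versions follow the `x.y.z-build` pattern seen in the bulletins; the sample inventory is constructed.

```python
import re

# Minimum fixed versions, taken from the three bulletins summarized above.
FIXED = {
    "Download Station": ("Synology-SA-17:62", "3.8.7-3490"),
    "Photo Station": ("Synology-SA-17:63", "6.8.1-3458"),
    "CardDAV Server": ("Synology-SA-17:64", "6.0.7-0085"),
}

# Assumed format: dotted numeric release, a dash, then a numeric build.
_VERSION = re.compile(r"(\d+(?:\.\d+)*)-(\d+)")


def parse_version(text):
    """Turn 'x.y.z-build' into ((x, y, z), build) so tuples compare numerically."""
    m = _VERSION.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognized version string: {text!r}")
    release = tuple(int(part) for part in m.group(1).split("."))
    return release, int(m.group(2))  # int() also handles builds like '0085'


def audit(installed):
    """Map each package named in the bulletins to a status string."""
    report = {}
    for name, (bulletin, fixed) in FIXED.items():
        have = installed.get(name)
        if have is None:
            report[name] = "not installed"
            continue
        try:
            patched = parse_version(have) >= parse_version(fixed)
        except ValueError:
            report[name] = f"unknown version, check against {bulletin}"
            continue
        report[name] = "patched" if patched else f"update to {fixed} or above ({bulletin})"
    return report


# Constructed inventory for illustration; not taken from a real device.
SAMPLE = {
    "Download Station": "3.8.7-3490",
    "Photo Station": "6.8.0-3456",
    "CardDAV Server": "6.0.7-0084",
}

if __name__ == "__main__":
    for package, status in audit(SAMPLE).items():
        print(f"{package}: {status}")
```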
