Synology has released six security bulletins in December. Synology classified all of them as moderate.
Two of them apply to Photo Station so you’ll want to make sure you’re on Photo Station version 6.8.0-3461 or above. At this time version 6.8.0-3461 is the current version. Synology Security Bulletin SA-17:76 identifies a problem that allows remote users to access sensitive information. Synology Security Bulletin SA-17:80 identifies an issue that allows a remote user to inject arbitrary code into Photo Station.
Users of Surveillance Station 8.1 will want to update to version 8.1.2-5469 or above to address the vulnerability identified in Synology Security Bulletin SA-17:77. At this time version, 8.1.2-5469 is the current version of Surveillance Station.
MailPlus Server is vulnerable to remote authenticated users injecting code. This is described in Synology Security Bulletin SA-17:75 and affects MailPlus Server before version 1.4.0-0415 which is the current version at this time.
Chat is vulnerable to remote authenticated users assessing intranet resources or injecting code as described in Synology Security Bulletin SA-17:78. This is fixed in version 2.0.0-1124.
Synology Router Manager could also allow remote authenticated users to execute arbitrary code as described in Synology Security Bulletin SA-17:79. It is fixed in version 1.1.6-6931. (SRM is the OS for Synology’s router models.)
Hopefully, there won’t be any security related updates this year, and we can enjoy a quiet holiday.