Not much news since the mid-month update. These days there’s always a security bulletin or two. DSM and SRM updates bring those security patches along with some bug fixes.
All versions of DSM had a vulnerability that allowed authenticated users to execute arbitrary OS commands or obtain sensitive information. For DSM 6.2, upgrade to version 6.2-23739-1 or above. For DSM 6.1, upgrade to 6.1.7-15284-1 or above. The older DSM 6.0 and DSM 5.2 also need to be upgraded to the latest version to patch the vulnerability. While the bug is rated as Important, user authentication is required to exploit it, which may make it less critical in your environment. The security bulletin is Synology Security Bulletin SA-18:33.
Synology Router Manager (SRM) has the same bug, which is patched in the latest SRM update (1.1.7-6941-1 or above). See Synology Security Bulletin SA-18:34 for more information.
DiskStation Manager (DSM) Updates
Synology release notes indicate that DSM 6.2 was updated to version 6.2-23739-1. I have not received this update on any Synology NAS, and it’s not in the download center for my NAS models. It is in the download archive for manual update. I haven’t applied the update, and will wait until Synology actively pushes it out. All the Synology NAS devices I support have trusted users that already have admin access. The security patches require privilege escalation, so it’s not critical for me. If you need the update, you can find it here.
The update fixes the following issues:
- Fixed a security vulnerability regarding Linux kernel (CVE-2018-8897).
- Enhance the performance of Surveillance Station when deleting recordings in btrfs volume.
- Fixed multiple security vulnerabilities. (Synology-SA-18:33)
- Fixed an issue where VAAI might fail after iSCSI LUN was recovered by LUN Backup.
- Fixed an issue where LUN configuration might be inconsistent.
- Minor bug fixes.
Synology Router Manager (SRM) Updates
SRM was updated to version 1.1.7-6941-1.
- Fixed a security vulnerability regarding Wget (CVE-2018-0494).
- Fixed a security vulnerability (Synology-SA-18:34).
- Fixed multiple security vulnerabilities regarding CPU Spectre on RT2600ac (Synology-SA-18:01).
Synology has officially released Virtual Machine Manager Pro. The VMMP was previously available as a beta. Now that it’s official, licenses must be purchased. (Press Release) Licenses are available in 3 and 7 license packs. This page has information about the licenses, supported models, and differences between the Standard (free) and Pro (paid) versions.