Synology News & Security Recap – July 15, 2018

Synology News

Synology News tileSecurity Bulletins

There are only two security bulletins so far in July.

The first is Synology Security Bulletin SA-18:35 File Station which patches a vulnerability that allows a remote attacker to access sensitive information. If you’re running File Station 1.2, then update to version 1.2.3 or higher. If you run File Station 1.1, then update to 1.1.5 or higher.

The second is Synology Security Bulletin SA-18:36 DSM which allows a remote authenticated user to obtain sensitive information. If you’re on DSM 62. the update to DSM 6.2-23739-2 or above. If you’re on DSM 6.1, then update to DSM 6.1.15284-2 or above. DSM 6.0, DSM 5.2, Virtual DSM, SkyNAS, and VS960HD are still waiting on a patch.

DiskStation Manager (DSM) Updates

DSM 6.2-23739-2

As mentioned in the Security Bulletin section, DSM 6.2-23739-2 was released. The official release date was July 12th although I have not seen it in the update section for any NAS that I support. If you need the update, you can find the firmware for a manual update here.

The update contains the following fixes:

  1. Adjusted power saving mechanism to improve PCIe compatibility.
  2. Fixed multiple security vulnerabilities regarding Linux kernel (Synology-SA-18:01).
  3. Fixed an issue where iSCSI Manager might not open for the incompatible format of iSCSI LUN configuration files set up before DSM 5.2.
  4. Enhanced package start-up performance.
  5. Fixed a security vulnerability (Synology-SA-18:36).

DSM 6.1.7-15284-2

As mentioned in the Security Bulletin section, DSM 6.1-15284-2 was released.

Unlike the DSM 6.2 update, I have seen this update in the update section for all my NAS units still running DSM 6.1.

The update contains the following two fixes:

  1. Adjusted power saving mechanism to improve PCIe compatibility.
  2. Fixed a security vulnerability (Synology-SA-18:36).
0 comments… add one

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.