Important Information Regarding PHPMailer Vulnerability (CVE-2017-5223)
Publish Time: 2017-01-18 00:00:00 UTC+8
Last Updated: 2017-01-18 12:00:00 UTC+8
PHPMailer (for DSM) is reported to have a local file disclosure vulnerability (CVE-2017-5223). This vulnerability will have malformed mails sent to attackers and allow them to download arbitrary files on DSM.
Synology is now working on the upcoming DSM 6.0 and DSM 6.1 updates to address this issue.
To fix the security issue, please go to DSM > Package Center and update the following package to the latest version for optimal protection:
- Photo Station 6.6.3-3347
Synology will release a DSM 6.0 update (6.0.2-8451-9,6.0.2-8575-03 for FS3017) and SRM 1.1.3 - 6447 Update 1 to address this issue in the coming week.