DSM 5.0-4493 Update 4
Publish Time: 2014-08-26 00:00:00 UTC+8
Last Updated: UTC+8
Status: Resolved
Description
DSM 5.0-4493 Update 4 addresses the following security vulnerabilities regarding OpenSSL and Kerberos 5:
- multiple vulnerabilities that allow remote attackers to cause a denial of service through application crash or CPU consumption (OpenSSL: CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3509, CVE-2014-3510, CVE-2014-3512, and CVE-2014-5139).
- a vulnerability that allows context-dependent attackers to obtain sensitive information from process stack memory (OpenSSL: CVE-2014-3508).
- a vulnerability that allows man-in-the-middle attackers to force a downgrade to TLS 1.0 even though both server and client support a higher TLS version (OpenSSL: CVE-2014-3511).
- a vulnerability that allows remote authenticated administrators to cause a denial of service via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password (Kerberos 5: CVE-2012-1013).
- multiple vulnerabilities that allow remote attackers to cause a denial of service through buffer over-read, NULL pointer dereference, or application crash (Kerberos 5: CVE-2014-4341, CVE-2014-4344, and CVE-2014-4342).
Resolution
To fix the security issues, please go to DSM > Control Panel > Update & Restore > DSM Update and install the latest updates to protect your Synology NAS from malicious attacks.