Important Information about OpenSSL Alternative Chains Certificate Forgery Vulnerability: CVE-2015-1793

Severity
Status
Resolved

Description

A vulnerability has been discovered in OpenSSL. It occurs when the client attempts to find an alternative certificate chain if the first attempt to build such a chain fails.

A thorough investigation shows that DSM itself is not vulnerable to this security flaw when acting as a service server for client authentication. Few services could be impacted, and the information they transfer is of relatively limited sensitivity. We are working on updates, which will be released shortly.

From our investigation, the risk is considered to be medium.

Synology is unaware of any cases at this time.

Update availability

To fix the security issues, please go to DSM > Control Panel > Update & Restore > DSM Update and install DSM 5.2-5592 Update 1 or above to protect your DiskStation from malicious attacks.
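
To confirm from a shell that a DiskStation is on the fixed release, the following added example (not Synology's code) compares a DSM VERSION file against DSM 5.2-5592 Update 1. It assumes the file, typically /etc.defaults/VERSION, holds `key="value"` lines with `buildnumber` and `smallfixnumber` keys, and that a higher build number always means a later release; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Synology code. Assumption: the VERSION file holds
# key="value" lines including buildnumber and smallfixnumber.

FIXED_BUILD=5592   # from the advisory: DSM 5.2-5592 Update 1
FIXED_UPDATE=1

# Print the value of key $1 from VERSION file $2 (empty if absent or unreadable).
version_field() {
    sed -n "s/^$1=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$2" 2>/dev/null | head -n 1
}

# Exit status: 0 = fixed release or above, 1 = older build,
# 2 = build could not be determined (treat as unverified, not as safe).
dsm_is_patched() {
    build=$(version_field buildnumber "$1")
    update=$(version_field smallfixnumber "$1")
    update=${update:-0}   # no smallfixnumber line: treat as the base release
    case "$build" in ''|*[!0-9]*) return 2 ;; esac
    case "$update" in *[!0-9]*) return 2 ;; esac
    [ "$build" -gt "$FIXED_BUILD" ] && return 0
    [ "$build" -eq "$FIXED_BUILD" ] && [ "$update" -ge "$FIXED_UPDATE" ] && return 0
    return 1
}

# Check the file given as $1, or a constructed sample when none is given.
target=${1:-}
sample=""
if [ -z "$target" ]; then
    sample=$(mktemp)
    # Constructed sample: DSM 5.2-5592 without Update 1.
    printf 'productversion="5.2"\nbuildnumber="5592"\nsmallfixnumber="0"\n' > "$sample"
    target=$sample
fi
rc=0
dsm_is_patched "$target" || rc=$?
case $rc in
    0) echo "$target: DSM 5.2-5592 Update 1 or above" ;;
    1) echo "$target: older than DSM 5.2-5592 Update 1, update needed" ;;
    *) echo "$target: build could not be determined" ;;
esac
if [ -n "$sample" ]; then rm -f "$sample"; fi
```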