Important Information about OpenSSL Vulnerabilities (CVE-2016-2107 and CVE-2016-2108)

Severity
Security.impact_level_
Status
Resolved

Description

On 3rd of May, two high-severity vulnerabilities regarding OpenSSL were revealed (CVE-2016-2107 and CVE-2016-2108).

After the initial investigation, it has been confirmed that these two vulnerabilities have no direct impact on Synology NAS, and the number of models affected by CVE-2016-2107 is limited. However, for precautionary purposes, Synology is working on DSM 6.0 and DSM 5.2 updates addressing these two vulnerabilities.

Update availability

The patch for addressing these OpenSSL vulnerabilities will be available for DSM 6.0 this week and for DSM 5.2 in the coming week.