Important Information Regarding OpenSSL Vulnerability (CVE-2016-7052, CVE-2016-6304)
Two OpenSSL vulnerabilities have been disclosed (CVE-2016-7052 and CVE-2016-6304).
CVE-2016-7052 resulted from a CRL sanity check that was added to OpenSSL 1.1.0 but omitted from OpenSSL 1.0.2i. CVE-2016-6304 allowed malicious clients to send an excessively large OCSP Status Request extension, leading to a denial-of-service attack through memory exhaustion.
After the initial investigation, Synology has concluded that DSM itself is not affected by these vulnerabilities.
However, as a precaution, a newer version of OpenSSL has been released to address these issues.
To fix the security issues, go to DSM > Control Panel > Update & Restore > DSM Update and install DSM 6.0.2-8451 Update 2 or above to protect your Synology NAS from malicious attacks.