Synology^® DSM 5.0 Secured Against OpenSSL Heartbleed Vulnerability

Taipei, Taiwan—April 11st, 2014—Synology^® Inc. today releases the latest DSM 5.0-4458 Update 2 to resolve the vulnerability CVE-2014-0160 (also known as the Heartbleed bug) in the OpenSSL software.

As the OpenSSL is one of the largest encryption libraries on the Internet today and has been used by many websites, Synology has taken immediate actions to mitigate this issue:

• For users running DSM 5.0, please follow the instructions on Security Advisory to update DSM and renew SSL certification.
• DSM 4.3 users are advised to update their systems to DSM 5.0. If users want to stay in DSM 4.3, patch will be ready by the end of April.
• DSM 4.1 users are advised to upgrade their systems to DSM 4.2, while patch for DSM 4.2 will be delivered in one week.
• DSM 4.0 and previous versions are not affected.
• MyDS Center servers have been patched and are safe to use. However, MyDS Center users are strongly suggested to change MyDS password to ensure the safety of their personal information.

Synology values data & system security as one of its prime directive, and will continue devoting resources to equip our solutions with reliable security measures to prevent potential threats. If users need help with their systems after being upgraded to the latest DSM version or have any further questions, please contact security@synology.com.