DSM 4.2-3250
Publish Time: 2014-07-16 00:00:00 UTC+8
Last Updated: UTC+8
- Status
- Resolved
Description
The upgrade of OpenSSL in DSM 4.2-3250 addresses the following security vulnerabilities:
- a vulnerability that allows remote attackers to exploit a weakness to perform a man-in-the-middle attack in certain OpenSSL-to-OpenSSL communications and obtain sensitive information. (CVE-2014-0224)
- a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service via a long non-initial fragment. (CVE-2014-0195)
- several vulnerabilities that allow remote attackers to perform various kinds of DoS attacks. (CVE-2014-0221, CVE-2014-0198, CVE-2010-5298,CVE-2014-3470)
Resolution
To fix the security issue, please to go to DSM > Control Panel > DSM Update page, install the latest updates to protect DiskStation from malicious attacks.