DSM 3.1-1639

Publish Time: 2014-09-09 00:00:00 UTC+8

Last Updated: UTC+8

Status
Resolved

Description

The update of DSM 3.1-1639 addresses the following security vulnerabilities:

  • a vulnerability that could allow servers to accept unauthorized access.
  • multiple vulnerabilities that allow remote attackers to use multiple weaknesses to perform denial of service attacks to cause application crash or CPU consumption (OpenSSL: CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3509, CVE-2014-3510, CVE-2014-3512, and CVE-2014-5139).
  • a vulnerability that allows context-dependent attackers to obtain sensitive information from process stack memory (OpenSSL: CVE-2014-3508).
  • a vulnerability that allows man-in-the-middle attackers to cause a downgrade to TLS 1.0 even both server and client support higher TLS version (OpenSSL: CVE-2014-3511).

Resolution

To fix the security issues, please go to DSM > Control Panel > DSM Update page, install the latest updates to protect DiskStation from malicious attacks.