DSM 5.0-4528

Publish Time: 2014-10-22 00:00:00 UTC+8

Last Updated: UTC+8

Status
Resolved

Description

DSM 5.0-4528 includes the security fixes of multiple critical updates since DSM 5.0-4458 and also explicitly addresses the following security vulnerabilities:

  • Two Linux kernel vulnerabilities that could allow local users to cause a denial of service resulting in uncontrolled recursion or an unkillable mount process (CVE-2014-5471 and CVE-2014-5472).
  • One Linux kernel vulnerability that could allow local users to cause a denial of service or possibly gain privileges via a crafted application that triggers a zero count (CVE-2014-0205).
  • One Linux kernel vulnerability that could allow man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate (CVE-2014-6657).
  • One SNMP vulnerability where the improper validation of input could allow remote attackers to cause a denial of service (CVE-2014-2284).
  • Minor fixes related to the ShellShock Bash vulnerabilities previously addressed in DSM 4493-05 updates (Bash 4.2-51, 4.2-52, and 4.2-53).

Resolution

To fix the security issues, please go to DSM > Control Panel > Update & Restore > DSM Update and install the latest updates to protect your DiskStation from malicious attacks. Completing this update will automatically restart your system.