DSM 5.0-4528
Publish Time: UTC+8
Last Updated: UTC+8
Status: Resolved
Description
DSM 5.0-4528 includes the security fixes of multiple critical updates since DSM 5.0-4458 and also explicitly addresses the following security vulnerabilities:
- Two Linux kernel vulnerabilities that could allow local users to cause a denial of service through uncontrolled recursion or an unkillable mount process (CVE-2014-5471 and CVE-2014-5472).
- One Linux kernel vulnerability that could allow local users to cause a denial of service or possibly gain privileges via a crafted application that triggers a zero count (CVE-2014-0205).
- One Linux kernel vulnerability that could allow man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate (CVE-2014-6657).
- One SNMP vulnerability where the improper validation of input could allow remote attackers to cause a denial of service (CVE-2014-2284).
- Minor fixes related to the ShellShock Bash vulnerabilities previously addressed in DSM 4493-05 updates (Bash 4.2-51, 4.2-52, and 4.2-53).
Resolution
To fix the security issues, please go to DSM > Control Panel > Update & Restore > DSM Update and install the latest updates to protect your DiskStation from malicious attacks. Completing this update will automatically restart your system.