Important Information Regarding PHP Vulnerability (CVE-2016-7124)

Publish Time: 2016-12-02 00:00:00 UTC+8

Last Updated: 2016-12-02 12:00:00 UTC+8

Severity
Important
Status
Resolved

Description

A security vulnerability regarding PHP (CVE-2016-7124) has been identified where remote attackers can perform different kinds of malicious attacks or have other unspecified impacts via object injection.

Severity

Important

Resolution

To fix the security issue, please go to DSM > Package Center and update the following packages to the latest version to protect your Synology NAS from malicious attacks:

  • PHP 5.6
  • PHP 7.0
  • phpMyAdmin
  • SugarCRM

Update Availability

Synology will provide the latest version of the following packages in Package Center.

  • Available from December 2:
    • PHP 5.6.28
    • PHP 7.0.13
  • Available from December 5:
    • phpMyAdmin 4.6.5
    • SugarCRM 6.5.24

References

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7124
https://www.sugarcrm.com/security/sugarcrm-sa-2016-008
https://www.phpmyadmin.net/security/PMASA-2016-70
https://bugs.php.net/bug.php?id=72663
https://www.owasp.org/index.php/PHP_Object_Injection