DSM 4.2-3250

Publish Time: 2014-07-16 00:00:00 UTC+8

Last Updated: UTC+8

Status
Resolved

Description

The upgrade of OpenSSL in DSM 4.2-3250 addresses the following security vulnerabilities:

  • a vulnerability that allows remote attackers to exploit a weakness to perform a man-in-the-middle attack in certain OpenSSL-to-OpenSSL communications and obtain sensitive information. (CVE-2014-0224)
  • a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service via a long non-initial fragment. (CVE-2014-0195)
  • several vulnerabilities that allow remote attackers to perform various kinds of DoS attacks. (CVE-2014-0221, CVE-2014-0198, CVE-2010-5298,CVE-2014-3470)

Resolution

To fix the security issue, please to go to DSM > Control Panel > DSM Update page, install the latest updates to protect DiskStation from malicious attacks.