DSM 4.3-3827 Update 4

Publish Time: 2014-06-25 00:00:00 UTC+8

Last Updated: UTC+8

Status: Resolved

Description

The upgrade of OpenSSL in DSM 4.3-3827 Update 4 addresses the following security vulnerabilities:

a vulnerability that allows remote attackers to exploit a weakness to perform a man-in-the-middle attack in certain OpenSSL-to-OpenSSL communications and obtain sensitive information. (CVE-2014-0224)
a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service via a long non-initial fragment. (CVE-2014-0195)
several vulnerabilities that allow remote attackers to perform various kinds of DoS attacks. (CVE-2014-0221, CVE-2014-0198, CVE-2010-5298,CVE-2014-3470)

Resolution

To fix the security issues, please go to DSM > Control Panel > DSM Update page, install the latest updates to protect DiskStation from malicious attacks.