DSM 5.0-4458 Update 2

Publish Time: 2014-04-10 00:00:00 UTC+8

Last Updated: UTC+8

Status
Resolved

Description

DSM 5.0-4458 Update 2 addresses the vulnerability below:

  • A critical security issue in OpenSSL, known as Heartbleed, which allows remote attackers to obtain sensitive information from process memory. (CVE-2014-0160)

Read First

The resolution below is only necessary if you enabled or used HTTPS, VPN, and FTPS services on your DiskStation prior to installing DSM 5.0-4458 Update 2.

Resolution

To fix this security issue, please go to DSM > Control Panel > DSM Update and install the latest update to protect your DiskStation from this vulnerability.

After updating DSM, we recommend renewing the SSL certificate since your SSL encryption keys might have been compromised. Go to Control Panel > Security > Certificate to check whether you have a third-party or self-signed certificate.

  • For self-signed SSL certificate renewal:
    1. To renew your certificate using DSM, please go to Control Panel > Security > Certificate, click Create Certificate > Create self-signed certificate.
    2. Follow the instructions to complete the self-signed certificate process.
  • For third-party SSL certificate renewal:
    1. To renew your certificate via a third-party certificate authority (CA), please go to Control Panel > Security > Certificate, click Create certificate > Renew certificate to create a certificate signing request (CSR) and a new private key. Download them to your computer.
    2. Use the CSR to acquire a new certificate from your CA.
    3. Go to Control Panel > Security > Certificate and click Import certificate to import the certificate from the CA (server.key, example.crt).
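
The renewal steps above only help if the new certificate carries a new key pair, because the old private key may have been exposed. The following is an added example, not Synology's code: a shell check that compares the public-key fingerprints of the old and renewed certificates. The host name nas.example, the file names and the function names are assumptions, and the sample certificates are constructed locally with the openssl command-line tool.

```shell
#!/bin/sh
# Added example: confirm a renewed certificate carries a NEW key pair.
set -eu

# SHA-256 of the certificate's SubjectPublicKeyInfo (DER). It changes only
# when the key pair changes, not when the same key is merely re-certified.
spki_fingerprint() {
    openssl x509 -in "$1" -noout -pubkey \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Prints "rotated" (exit 0) or "reused" (exit 1) for old cert $1, new cert $2.
key_rotation_status() {
    if [ "$(spki_fingerprint "$1")" = "$(spki_fingerprint "$2")" ]; then
        echo reused; return 1
    fi
    echo rotated
}

# Constructed sample data: throwaway self-signed certificates for the
# hypothetical host nas.example, generated locally so the check runs offline.
make_samples() {
    dir=$1; subj=/CN=nas.example
    # "old" certificate and its (assumed exposed) private key
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$subj" \
        -keyout "$dir/old.key" -out "$dir/old.crt" 2>/dev/null
    # bad renewal: fresh certificate, same private key
    openssl req -x509 -new -key "$dir/old.key" -days 1 -subj "$subj" \
        -out "$dir/reused.crt" 2>/dev/null
    # good renewal: fresh certificate, fresh private key
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$subj" \
        -keyout "$dir/new.key" -out "$dir/renewed.crt" 2>/dev/null
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
make_samples "$workdir"
key_rotation_status "$workdir/old.crt" "$workdir/reused.crt" || true
key_rotation_status "$workdir/old.crt" "$workdir/renewed.crt"
```

To check a real renewal, pass key_rotation_status the certificate that was in use before the update and the one imported afterwards.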

As a precaution, you can change your DSM passwords, even if there is no evidence that your data was accessed using this vulnerability.

A self-signed certificate refers to a certificate that was created and signed by the same entity whose identity it certifies (in this case, the Synology NAS). Self-signed certificates provide less proof of the identity of the server and are usually only used to secure channels between the server and a group of known users.