DSM 5.0-4627

Publish Time: 2014-10-22 00:00:00 UTC+8

Last Updated: UTC+8

Status
Resolved

Description

DSM 5.0-4627 includes the security fixes of multiple critical updates since DSM 5.0-4662 and also explicitly addresses the following security vulnerabilities:

  • A vulnerability that could allow servers to accept unauthorized access requests.
  • Multiple vulnerabilities that allow remote attackers to perform denial-of-service attacks that cause an application crash or CPU consumption (OpenSSL: CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3509, CVE-2014-3510, CVE-2014-3512, and CVE-2014-5139).
  • A vulnerability that allows context-dependent attackers to obtain sensitive information from process stack memory (OpenSSL: CVE-2014-3508).
  • A vulnerability that allows man-in-the-middle attackers to cause a downgrade to TLS 1.0 even though both server and client support higher TLS versions (OpenSSL: CVE-2014-3511).
  • Two cURL-related vulnerabilities that could cause IP leaks (CVE-2014-3613 and CVE-2014-3620).
  • Multiple vulnerabilities that could allow remote attackers to cause a denial of service resulting in CPU consumption, application crash, or NULL pointer dereference (CVE-2014-3538, CVE-2014-3587, CVE-2014-2497, CVE-2014-5120, and CVE-2014-3597).
  • A vulnerability that could allow remote attackers to overwrite arbitrary files (CVE-2014-5120).
  • A vulnerability that could allow remote attackers to cause a denial of service resulting in application crash or possibly execute arbitrary code (CVE-2014-3597).
  • A vulnerability that allows remote attackers to extract ElGamal private key information (libgcrypt: CVE-2014-5270).

Resolution

To fix these security issues, go to DSM > Control Panel > Update & Restore > DSM Update and install the latest updates to protect your DiskStation from malicious attacks. Completing this update will automatically restart your system.