Synology just let me know that it’s about to push out updates for DSM, its web based OS for Diskstation products, that will patch a Heartbleed related security vulnerability. It’s coming today or tomorrow for DSM 5.0  and in a week for DSM 4.2 users. More info below.

Synology® DSM 5.0 Secured Against OpenSSL Heartbleed Vulnerability

Taipei, Taiwan—April 11st, 2014—Synology® Inc. today releases the latest DSM 5.0-4458 Update 2 to resolve the vulnerability CVE-2014-0160 (also known as the Heartbleed bug) in the OpenSSL software.

As the OpenSSL is one of the largest encryption libraries on the Internet today and has been used by many websites, Synology has taken immediate actions to mitigate this issue:

l   For DiskStation and RackStation running DSM 5.0 and DSM 4.3, it is strongly recommended to apply DSM 5.0-4458 Update 2 via Control Panel and renew SSL certification (read more in Security Advisory).

l   For DiskStation or RackStation running DSM 4.2, patch will be delivered in one week.

l   MyDS Center servers have been patched and are safe to use. However, MyDS Center users are strongly suggested to change MyDS password to ensure the safety of their personal information.

Synology values data & system security as one of its prime directive, and will continue devoting resources to equip our solutions with reliable security measures to prevent potential threats. If users need help with their systems after being upgraded to the latest DSM version or have any further questions, please contact security@synology.com.

Synology at a Glance

Synology is dedicated to provide professional IP-based video surveillance solution, combining the functionality of advanced NVR and NAS (network attached storage). The company aims to deliver a scalable, future proof, user-friendly NVR solutions and solid customer service to satisfy the needs of business, individual users and our partners.