Synology released a statement about the “Shellshock” vulnerability.
From the statement:
A vulnerability of a commonly used UNIX command shell, Bash, has been discovered allowing unauthorized users to remotely gain control of vulnerable UNIX-like systems. A thorough investigation by Synology shows the majority of Synology NAS servers are not concerned. The design of Synology NAS operating system, DiskStation Manager (DSM), is safe by default. The bash command shell built-in in DSM is reserved for system service use (HA Manager) only and not available to public users. For preventive purpose, Synology is working on the patches addressing this bash vulnerability and to provide them as soon as possible.
Only one of my three DiskStations is on the vulnerable list (the 1511+). That particular NAS always gets updated last. It’s used for all my backups and file storage. While recovery would be possible it would take a long time. My test NAS (the 212J) isn’t on the vulnerable list so I can’t test the updated firmware. My main NAS, the DS212+, isn’t on the list either.
Since I can’t test the update I’m not applying it to my 1511+. The 1511+ isn’t accessible from the internet, it isn’t even set up for quick connect, and my router wouldn’t send any Internet traffic to it. So the risk to me seems nearly non-existent and the risk of problems is higher than normal. I’ll wait until others beat on the update for awhile and apply it sometime in the future, maybe just the next update. As I write this the update for the DS1511+ isn’t available from the download center or through automatic update.
I upgraded my test NAS to the DSM 5.1 beta. It’s a simple process that I’ll cover here. This is beta software so there will be bugs. The only unknown is the severity of those bugs. Downgrading to the older version can be done but isn’t officially supported and will wipe out the current data and settings. You may want to back up the data and settings before doing this. Do this update at your own risk.
My screenshots were done on a Mac but the only difference on Windows is the file browsing.
- Download the DSM 5.1 beta firmware for your specific NAS from Synology. Click the “Install now” button at the previous link and follow the directions. Download the firmware to your local computer.
- Log as admin on the the web interface for your DiskStation. Open Control Panel then DSM Update. Once there click the manual update button.
- Browse to the firmware file you downloaded and select it.
- It will take a minute or two to load the file then you’ll be prompted to confirm the upgrade.
- Now all you need to do is wait. I was prompted that it would take about 10 minutes. I get this same time estimate with every NAS and every update but in this case it was accurate. The DiskStation will reboot on its own.
- Once you log on a series of tips will be display. Click the screen to advance through the tips.
- Then a new tutorial is opened. The tutorial is geared to new DSM users, at least new DSM 5.x users. It doesn’t specifically call out new features in DSM 5.1.
All my installed packages were upgraded when I installed the DSM 5.1 beta. From what I remember, in the past I had to do the upgrades manually after the firmware upgrade. So this was a nice bonus.
It seems that all my Android Synology apps received a recent update. (“Recent” meaning today.) The mobile Note Station app was also available for Android. None of my iOS apps have been updated yet and the iOS Note Station app isn’t available yet either. I’m hoping they’ll appear soon and are just delayed by the iOS 8 app deluge.
There haven’t been any obvious problems since the update. But I’ve yet to really give the software a workout.
Synology has released Synology DSM 5.1 beta. As usual, even though this is just a “dot release” (DSM 5.0 to DSM 5.1) there’s a lot of new features and enhancements to existing features. There’s an entirely new Notes application with its own mobile app.
I’ll be installing the beta on my Synology DS212J later tonight to begin testing it. While past betas have been relatively problem free there will be bugs so I’ll be holding off on my production DS212+. I may like the beta so much that I’ll eventually put the beta on it. My big backup box, the DS1511+ won’t get upgraded until the production DSM 5.1 is released.
I’m looking forward to the Notes application although replacing Evernote may be a stretch. I’m also looking forward to the new security and backup features.
Support – Synology – Network Attached Storage (NAS) DSM 5.0-4493 Update 5.
Synology has released another DSM 5 update. Only two fixes listed but one of them is a security fix:
Fixed a vulnerability that could allow servers to accept unauthorized access.
I updated my DS212J and DS1511+ without incident. While I do use encrypted folders I haven’t had a problem so I can’t verify that it fixed anything.
I’ll update my DS212+ at the end of the day and post an update if I have any issues. The update of my DS212+ also went fine.