Synology Network Storage currently uses an outdated version of netatalk to support specific Apple network protocols. This tears some critical security gaps into the devices. The manufacturer provides an updated version of the operating system that fixes the problems – but not yet for all branches of development.
As early as Monday of this week, the manufacturer Qnap warned of problems with netatalk in the company’s NAS devices. The update of the version of netatalk anchored in the operating system also fixes four security-related errors at Synology with a risk classified as critical, as well as one with a high and two with a medium threat level for users of the devices.
As affected software versions lists Synology in a security advisory the firmware Disk Station Manager 6.2 (DSM), DSM 7.0 and DSM 7.1 on. Also included are the operating systems VS Firmware 2.3 and SRM 1.2 the vulnerable netatalk version.
The manufacturer now provides the error-free version for Disk Station Manager 7.1 7.1-42661-1 ready. According to the security notification, the developers are still working on updates for the other affected systems.
To apply the updated firmware, administrators should remove the .pat file containing the update from the Synology download page to suit your device and the installed version and download it. The “Manual DSM update” page must now be called up in the user interface of the device and the .pat file selected there by clicking on “Browse”. The update then starts when you select “Apply”.