Info Latest versions of DSM/SRM and packages

Today there were four Synology security advisories: USB Copy; SSO Server; Note Station Client; Storage Analyzer. The package vulnerabilities are through remote authorised users, while the Note Station Client is a man-in-the-middle vulnerability.

All but SSO Server on DSM 6.2 are mitigated by updates for DSM 7.1, 7.0, and 6.2. Also, all the package fixes were released in 2021, so it is most likely that you have been using the fixes for a year or so already. Note Station Client was fixed in March 2022, so best to check that you are using it.

2022-08-01​

Mobile​

Android-Drive ✎ : 3.1.0-740 ⇩ ✱​

2022-07-29​

Utility​

C2IdentityADSyncTool ✎ : 1.0.1-00007 ⇩ ✱​

2022-07-27​

Os​

DSM ✎ : 7.1-42661-4 ⇩ ✱​

2022-07-21​

ChromeApp​

NoteStationClipper ✎ : 2.0-0111 ⇩ ✱​

2022-07-20​

Utility​

C2BackupAgent ✎ : 2.5.0-0329 ⇩​

2022-07-19​

Package​

SurveillanceStation ✎ : 9.0.1-7673 ⇩​

Mobile​

Android-Photos ✎ : 1.3.0-259 ⇩​

2022-07-12​

Package​

SynologyPhotos ✎ : 1.3.0-0317 ⇩​

ActiveBackup-Office365 ✎ : 2.4.0-12686 ⇩​

2022-07-07​

Utility​

SurveillanceStationClient ✎ : 2.0.1-2304 ⇩​

2022-07-04​

Package​

MailPlus-Server ✎ : 2.3.4-11082 ⇩​

GLPI ✎ : 10.0.2-0145 ⇩​

2022-07-01​

Package​

ThreatPrevention ✎ : 1.3.1-0907 ⇩​

2022-06-27​

Package​

CodecPack ✎ : 2.0.1-1021 ⇩​

2022-06-21​

Mobile​

Android-Drive ✎ : 3.0.1-712 ⇩​

2022-06-20​

Package​

MailClient ✎ : 2.3.4-11455 ⇩​

2022-07-07​

Utility​

C2BackupAgent ✎ : 2.4.0-0306 ⇩ ✱​

2022-07-06​

Utility​

ActiveBackupforRecoveryTool ✎ : 2.4.1-2321 ⇩ ✱​

ActiveBackupRecoveryMediaCreator ✎ : 2.4.1-1771 ⇩ ✱​

ActiveBackupBusinessAgent ✎ : 2.4.1-2321 ⇩ ✱​

Package​

ActiveBackup ✎ : 2.4.1-12321 ⇩ ✱​

2022-07-04​

Mobile​

Android-DSrouter ✎ : 2.1.0-376 ⇩​

2022-06-30​

Os​

DSM ✎ : 7.1-42661-3 ⇩​

Mobile​

Android-DSmail ✎ : 2.4.0-651 ⇩​

2022-06-29​

Package​

HybridShare ✎ : 1.3.0-0839 ⇩​

2022-06-24​

Package​

Tailscale ✎ : 1.22.2-220027 ⇩​

2022-06-22​

Utility​

C2IdentityDockerMgmtTool ✎ : 1.0.1-00161 ⇩​

C2IdentityAgent ✎ : 1.0.0-00421 ⇩​

Package​

C2IdentityLDAPAgent ✎ : 1.0.0-0161 ⇩​

2022-06-15​

Package​

SurveillanceDevicePack ✎ : 6.0.1-4402 ⇩​

2022-06-13​

Utility​

VPNPlusClient ✎ : 1.4.5-0684 ⇩​

2022-06-10​

Package​

domotz ✎ : 2.9.3-0518 ⇩​

​

2022-06-27​

Package​

CodecPack ✎ : 2.0.1-1021 ⇩ ✱​

2022-06-24​

Mobile​

Android-DSrouter ✎ : 2.1.0-375 ⇩​

2022-06-21​

Utility​

C2IdentityAgent ✎ : 1.0.0-00401 ⇩​

Mobile​

Android-Drive ✎ : 3.0.1-712 ⇩​

Mostly updates for SRM 1.3.1-9316 (Release Candidate), so not final, general release yet. So, as we say in English, caveat emptor

Also today...

Synology Security - Synology-SA-22:09 SRM

Multiple vulnerabilities allow remote authenticated users to inject SQL command or read and write arbitrary files via a susceptible version of Synology Router Manager (SRM). Continue reading... - - - Source: synology.com

www.synoforum.com

This vulnerability states it is for authenticated users on SRM, so that's people that are logged into SRM. Since the notice doesn't differentiate between users authenticated in SRM web portal, VPN Plus web portal, Cloud Station, network services (SMB, AFP, WebDAV, FTP, FTPS, SSH, or SFTP), or even a long shot RADIUS Server then I would just assume any authenticated user poses a risk. If you have limited user access to the router then you are probably ok to not jump onto this pre-release software.​

2022-06-21​

Mobile​

Android-Photos ✎ : 1.2.3-236 ⇩ ✱​

2022-06-20​

Os​

SRM ✎ : 1.3.1-9316 ⇩ ✱​

2022-06-13​

Utility​

VPNPlusClient ✎ : 1.4.5-0684 ⇩ ✱​

2022-06-09​

Package​

VPNPlusServer ✎ : 1.4.5-0684 ⇩ ✱​

2022-06-06​

Package​

ThreatPrevention ✎ : 1.3.1-0905 ⇩ ✱​

2022-05-17​

Package​

SafeAccess ✎ : 1.3.1-0326 ⇩ ✱​

2022-06-20​

Utility​

C2BackupAgent ✎ : 2.3.1-0284 ⇩ ✱​

2022-06-15​

Package​

SurveillanceDevicePack ✎ : 6.0.1-4402 ⇩ ✱​

Mobile​

Android-DSrouter ✎ : 2.1.0-373 ⇩ ✱​

2022-06-13​

Utility​

C2IdentityAgent ✎ : 1.0.0-00400 ⇩ ✱​

2022-06-13​

Utility​

C2BackupAgent ✎ : 2.3.1-0282 ⇩ ✱​

2022-06-10​

Package​

PACS ✎ : 5.26.0-1109 ⇩ ✱​

2022-06-06​

Utility​

C2IdentityAgent ✎ : 1.0.0-00386 ⇩ ✱​

2022-05-31​

Package​

nConnect ✎ : 1.0.8-70013 ⇩ ✱​

2022-05-31​

Package​

TeamViewer ✎ : 2.21.16-7004 ⇩​

2022-05-27​

Package​

MailPlus-Server ✎ : 2.3.3-11079 ⇩​

2022-04-28​

Package​

MailClient ✎ : 2.3.3-11454 ⇩​

2022-05-31​

Utility​

C2BackupAgent ✎ : 2.3.0-0268 ⇩​

2022-05-29​

Utility​

C2BackupRestoreMediaCreator ✎ : 2.3.0-0267 ⇩
C2BackupRecoveryTool ✎ : 2.3.0-0267 ⇩​

2022-05-27​

Os​

DSM ✎ : 7.1-42661-2 ⇩ ✱​

2022-05-26​

Mobile​

Android-Drive ✎ : 3.0.0-709 ⇩​

2022-05-25​

Package​

ThreatPrevention ✎ : 1.3.0-0875 ⇩ ✱​

There is a similar update for SRM 1.2