Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Mothballing Synology NAS



On 2/5/2018 10:30 AM, Joe Polcari wrote:
> I just got an update today which, I think, covers it.

The CVE referenced in the release notes fixes a local privilege
escalation bug in ipesc. The Meltdown/Spectre CVEs are still listed as
"Ongoing" as of this writing:

https://www.synology.com/en-us/support/security/Synology_SA_18_01


On 2/5/2018 9:33 AM, markw at mohawksoft.com wrote:
> This is common across the industry. EMC, Cisco, IBM, and others have
> said basically the same thing. I would dump synology because its
> crap, but not because of that.
My IBM references rank Meltdown/Spectre as "High Severity".

Likewise, my Netapp references rank them as "High Severity".

Cisco (network side) does rank them lower because network gear has a
much smaller attack surface than general purpose computers. The people
on the Unity side rank them much higher.

But then, Synology's failure to take these vulnerabilities seriously
does put them in the "crap" category. :)

-- 
Rich P.



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org