There has been some recent discussion among the security folk on Reddit and other sites regarding the recent OpenSSL vulnerability here:
http://lists.grok.org.uk/pipermail/full ... 86585.html
http://www.reddit.com/r/netsec/comments ... d_lead_to/
Summary: [Full-disclosure] incorrect integer conversions in OpenSSL can result in memory corruption.
All versions of OpenSSL on all platforms up to and including version 1.0.1 are
A quick look at the latest DSM I am running (DSM 4.0-2219) reports the following version of OpenSSL:
Apache httpd 2.2.22 ((Unix) mod_ssl/2.2.22 OpenSSL/1.0.0h
Synology security team, kindly look into this matter as I know mod_ssl may also be vulnerable to this memory corruption. Thanks a lot for your efforts and keeping us safe!