[German]Manufacturer Synology has issued a Security Advisory on 18.12.2018 due to the Magellan vulnerability in its products. Here is a short overview.
Blog reader @PhantomofMobile sent me the Synology mail with the security message. It is about the Magellan vulnerability in SQLite, which I discussed in the blog post Magellan: SQLite vulnerability puts Million Apps at Risk. In the Security Advisory Synology-SA-18:61, the vendor writes:
Abstract
Magellan vulnerability allows remote authenticated users to conduct denial-of-service attacks or possibly execute arbitrary code via a susceptible version of Synology products.
Affected Products
| Product | Severity | Fixed Release Availability |
| DSM 6.2 | Moderate | Ongoing |
| DSM 6.1 | Moderate | Pending |
| DSM 5.2 | Moderate | Pending |
| SkyNAS | Moderate | Pending |
| VS960HD | Moderate | Ongoing |
| SRM 1.2 | Moderate | Ongoing |
| Active Backup | Moderate | Ongoing |
| Download Station | Moderate | Ongoing |
| Log Center | Moderate | Ongoing |
| Mail Server | Moderate | Ongoing |
| MailPlus | Moderate | Ongoing |
| MailPlus Server | Moderate | Ongoing |
| Python 3 | Moderate | Ongoing |
| Surveillance Station | Moderate | Ongoing |
| Synology Application Service | Moderate | Ongoing |
| Universal Search | Moderate | Ongoing |
There is currently no fix for closing or mitigating the vulnerability.
