The Meltdown and Spectre vulnerabilities were publicly disclosed 3 January.
Synology posted their own security advisory 5 days later on 8 January listing these vulnerabilities as moderate "because these vulnerabilities can only be exploited via local malicious programs." As if there were no ways for "local malicious programs" to ever be installed or injected. As of 4 February, a month after the initial disclosure, Synology have yet to release fixes for these vulnerabilities. I will be mothballing my Synology NAS box as soon as I get a replacement for it up and running. I have the parts. I just need to assemble and test them, install an OS, and move the drives. -- Rich P. _______________________________________________ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
