This is common across the industry. EMC, Cisco, IBM, and others have said basically the same thing. I would dump synology because its crap, but not because of that.
> The Meltdown and Spectre vulnerabilities were publicly disclosed 3 > January. > > Synology posted their own security advisory 5 days later on 8 January > listing these vulnerabilities as moderate "because these vulnerabilities > can only be exploited via local malicious programs." As if there were no > ways for "local malicious programs" to ever be installed or injected. > > As of 4 February, a month after the initial disclosure, Synology have > yet to release fixes for these vulnerabilities. > > I will be mothballing my Synology NAS box as soon as I get a replacement > for it up and running. I have the parts. I just need to assemble and > test them, install an OS, and move the drives. > > -- > Rich P. > _______________________________________________ > Discuss mailing list > Discuss@blu.org > http://lists.blu.org/mailman/listinfo/discuss > _______________________________________________ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss