On 2/5/2018 10:30 AM, Joe Polcari wrote: > I just got an update today which, I think, covers it.
The CVE referenced in the release notes fixes a local privilege escalation bug in ipesc. The Meltdown/Spectre CVEs are still listed as "Ongoing" as of this writing: https://www.synology.com/en-us/support/security/Synology_SA_18_01 On 2/5/2018 9:33 AM, ma...@mohawksoft.com wrote: > This is common across the industry. EMC, Cisco, IBM, and others have > said basically the same thing. I would dump synology because its > crap, but not because of that. My IBM references rank Meltdown/Spectre as "High Severity". Likewise, my Netapp references rank them as "High Severity". Cisco (network side) does rank them lower because network gear has a much smaller attack surface than general purpose computers. The people on the Unity side rank them much higher. But then, Synology's failure to take these vulnerabilities seriously does put them in the "crap" category. :) -- Rich P. _______________________________________________ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
