Advisory Summary

Updated Netatalk to version 3.1.12 to address a memory unsafety vulnerability that could allow arbitrary code execution by an unauthenticated user.

• CVE Number: CVE-2018-1160

Updated Samba to version 4.3.11-16 to resolve a remote code execution vulnerability that could allow malicious clients to upload a shared library to a writeable directory and have the server load and execute it.

• CVE Number: CVE-2017-7494

The version of portable SDK for UPnP (Universal Plug and Play) was vulnerable to a number of remote code execution vulnerabilities. Resolved the issue by updating the libupnp component to version 1.6.25.

• CVE Number: CVE-2012-5958

Addressed additional Cross Site Request Forgery (CSRF) issues throughout My Cloud Dashboard Web user interface.

Apache has been updated to version 2.4.34 to address multiple vulnerabilities.

Resolved unauthenticated remote command injection as root vulnerability in the My Cloud dashboard.

• CVE Number: CVE-2016-10107
• Reported by: Daniel Forse

Resolved unauthenticated remote command injection as root vulnerability on the My Cloud analytics page.

• CVE Number: CVE-2016-10108
• Reported by: Sam Thomas

The OpenSSL component has been updated to version 1.0.1t to address multiple vulnerabilities.

• CVE Number: CVE-2016-2107
• CVE Number: CVE-2016-2105
• CVE Number: CVE-2016-2106
• CVE Number: CVE-2016-2109
• CVE Number: CVE-2016-2176