My Cloud Firmware Version 5.25.124
WDC Tracking Number: WDC-22019
Product Line: My Cloud
Published: December 1, 2022
Last Updated: December 1, 2022
Description
My Cloud OS 5 Firmware 5.25.124 includes updates to help improve the security of your My Cloud OS 5 devices.
To take advantage of the latest security fixes, Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.
For more information on the latest security updates, see the release notes.
Advisory Summary
Resolved an authentication issue with the encrypted volumes and auto mount feature. This bug could result in insecure direct access to the drive information in the case of a device reset.
CVE Number: CVE-2022-29838
Western Digital would like to thank Asim Rehman for reporting this issue.
Addressed a memory out-of-bounds vulnerability that could be triggered by sending malicious data to the kernel through an ioctl command.
CVE Number: CVE-2021-33655
Updated the curl version to 7.64.0-4+deb10u3 to address multiple vulnerabilities that could allow remote attackers to obtain sensitive information, leak authentication or cookie header data, or facilitate a denial-of-service attack.
CVE Number: CVE-2021-22898, CVE-2021-22924, CVE-2021-22945, CVE-2021-22946, CVE-2021-22947, CVE-2022-22576, CVE-2022-27775, CVE-2022-27776, CVE-2022-27781, CVE-2022-27782, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208
Updated the open-source package FLAC to version 1.3.2-3+deb10u2 to resolve an out-of-bounds write due to a missing bounds check, which could lead to local information disclosure with no additional execution privileges needed.
CVE Number: CVE-2021-0561
Configured the Remote Backups application to encrypt credentials, resolving an insufficiently protected credentials issue in which an attacker who gains access to a relevant endpoint can use that information to access protected data.
CVE Number: CVE-2022-29839