Release Note
https://www.synology.com/en-global/releaseNote/DSM
6.2.4
6.2.4-25556 Update 7 (Important)
- Netatalk
6.2.4-25556 Update 6 (Critical)
- AFP service
6.2.4-25556 Update 5 (Important)
-
DSM webapi component
OS Command Injection
allows remote authenticated users to execute arbitrary commands via unspecified vectors
6.2.4-25556 Update 4 (Important)
-
Samba vfs_fruit module
A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.