Posting from Synology email.
Taipei, Taiwan—April 11st, 2014—Synology® Inc. today releases the latest DSM 5.0-4458 Update 2 to resolve the vulnerability CVE-2014-0160 (also known as the Heartbleed bug) in the OpenSSL software.
As the OpenSSL is one of the largest encryption libraries on the Internet today and has been used by many websites, Synology has taken immediate actions to mitigate this issue:
For DiskStation and RackStation running DSM 5.0 and DSM 4.3, it is strongly recommended to apply DSM 5.0-4458 Update 2 via Control Panel and renew SSL certification (read more in Security Advisory).
For DiskStation or RackStation running DSM 4.2, patch will be delivered in one week.
MyDS Center servers have been patched and are safe to use. However, MyDS Center users are strongly suggested to change MyDS password to ensure the safety of their personal information.
Synology values data & system security as one of its prime directive, and will continue devoting resources to equip our solutions with reliable security measures to prevent potential threats. If users need help with their systems after being upgraded to the latest DSM version or have any further questions, please contact security@synology.com.