WD is happy to announce the release of My Cloud Firmware 2.31.149 for manual download at https://support.wdc.com for the following My Cloud products.
· My Cloud
· My Cloud Mirror Gen2
· My Cloud EX2 Ultra
· My Cloud EX2100
· My Cloud EX4100
· My Cloud DL2100
· My Cloud DL4100
· My Cloud PR2100
· My Cloud PR4100
• Resolved multiple command injection vulnerabilities including CVE-2016-10108 and CVE 2016-10107.
• Resolved multiple cross site request forgery (CSRF) vulnerabilities.
• Resolved a Linux kernel Dirty Cow vulnerability (CVE-2016-5195).
• Resolved multiple denial-of-service vulnerabilities.
• Improved security by disabling SSH shadow information.
• Resolved a buffer overflow issue that could lead to unauthenticated access.
• Resolved a click-jacking vulnerability in the web interface.
• Resolved multiple security issues in the Webfile viewer on-device app.
• Improved the security of volume mount options.
• Resolved multiple security issues in the EULA onboarding flow.
• Resolved leakage of debug messages in the web interface.
• Improved credential handling for the remote MyCloud-to-MyCloud backup feature.
• Improved credential handling for upload-logs-to-support option.
• Apache -v2.4.34
• PHP -v5.4.45
• OpenSSH -v7.5p1
• OpenSSL -v1.0.1u
• libupnp -v1.6.25 (CVE-2012-5958)
• jQuery -v3.3.1 (CVE-2010-5312)
Other Bug Fixes
• Resolved high CPU utilization with ufraw-batch process.
• Improved remote host port handling