Jump to content

Recommended Posts

Posted

I've neither found this nor fixed the code -- I just sat in a beergarden watching others do the work, wrote a summary later and also informed affected vendors where possible (LinkSprite and CubieTech still ignoring the issue and SinoVoip as usual providing a fix in the most complicated way so 99,9% of their users are still affected by exploits targeting this vulnerability, same applies most probably to 100% of Xunlong/loboris OS image users).

 

So kudos to the people who discovered this and fixed it!

 

We should take this as a reminder why 'legacy' kernels should be avoided where possible. You never know how many of these issues are present there since vendor provided kernels are made without code/peer review by contractors/employees paid by SoC vendors that do not care about security at all. Expect the worst. Always!

 

And that's why the ability to use mainline kernel is that important. And why it's important to use a distro like Armbian that is actively developed. I would suspect that most if not all OS images for Orange Pis that are still available on orangepi.org download section will never be upgraded and that the users there not even know what's going on.

Guest
This topic is now closed to further replies.
×
×
  • Create New...

Important Information

Terms of Use - Privacy Policy - Guidelines