[MVMA] Security alert: Firmware upgrade highly recommended
Chuck Gelm
nc8q-mesh at gelm.net
Thu Jun 7 15:13:13 EDT 2018
https://www.aredn.org/
Alerts
AREDN highly recommends upgrading to AREDN security release v3.16.1.1
For more information:
http://www.aredn.org/content/release-notes-aredn-v31611
The following changes have been made from our previous, v3.15.1.0,
production release:
*Notable Security Patches*
* *SCS-2017-001 – High Severity*
A remote Denial of Service flaw impacting _ALL RELEASES of the
AREDN/BBHN branded firmware since at least version 0.4.3_. *
Immediate upgrade to 3.16.1.1 (or newer)* is recommended to ensure
stability of the mesh nodes.
* *SCS-2016-005 – Low Severity*
A number of low severity flaw in dropbear (the ssh server) were
reported to AREDN. While these flaws were in 3.16.1.0 they could not
be exploited in a default installation as the features were not
utilized (CVE-2016-7406, CVE-2016-7407,CVE-2016-7408,CVE-2016-7409)
Snapshot of MVMA on 2018-06-07 15:05 EDST
42 nodes
14 (33%) are running non-current firmware.
6 nodes are running 26 month old AREDN v3.16.1.0b02
9 nodes are running 25 month old AREDN v3.16.1.0
Nodes can be upgraded 'Over The Air'.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.qth.net/pipermail/mvma/attachments/20180607/45146a47/attachment.html>
More information about the MVMA
mailing list