[MVMA] Security alert: Firmware upgrade highly recommended

Thu Jun 7 23:20:04 EDT 2018

To All:

I remotely upgraded the delinquent nodes at:
·         Xenia West 2nd Street,  
·         Xenia North – XWARN, 
·         MVHS (KE8MVM nodes only), and 
·         Vandalia-Helke (Wynn Rollert Node W6CDR) Omni.  

I tried to update the node on the Vandalia Water Tank…. and failed.  It appears I crashed the node.  Upgrade went smoothly, as expected, but node did not return to air after upgrade.

Bill

William L. Curtice
Cell: 937-287-0871
Skype: williamcurtice

From: mvma-bounces at mailman.qth.net [mailto:mvma-bounces at mailman.qth.net] On Behalf Of Chuck Gelm
Sent: Thursday, June 07, 2018 3:13 PM
To: mvma at mailman.qth.net
Subject: Re: [MVMA] Security alert: Firmware upgrade highly recommended

https://www.aredn.org/

Alerts 

AREDN highly recommends upgrading to AREDN security release v3.16.1.1
For more information: http://www.aredn.org/content/release-notes-aredn-v31611

The following changes have been made from our previous, v3.15.1.0, production release:
Notable Security Patches

*	SCS-2017-001 – High Severity
A remote Denial of Service flaw impacting ALL RELEASES of the AREDN/BBHN branded firmware since at least version 0.4.3. 
Immediate upgrade to 3.16.1.1 (or newer) is recommended to ensure stability of the mesh nodes.
*	SCS-2016-005 – Low Severity
A number of low severity flaw in dropbear (the ssh server) were reported to AREDN. While these flaws were in 3.16.1.0 they could not be exploited in a default installation as the features were not utilized (CVE-2016-7406, CVE-2016-7407,CVE-2016-7408,CVE-2016-7409)

Snapshot of MVMA on 2018-06-07 15:05 EDST

42 nodes 
14 (33%) are running non-current firmware.
 6 nodes are running 26 month old AREDN v3.16.1.0b02
 9 nodes are running 25 month old AREDN v3.16.1.0

Nodes can be upgraded 'Over The Air'.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.qth.net/pipermail/mvma/attachments/20180607/0ff3d558/attachment-0001.html>