Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[FIXED 6.1.9] [PENDING UPSTEAM FIX] Kernel Vulnerability CVE-2016-0728

Featured Replies

  • Author

 

I saw this report myself last night.  Just came here to search for it...

 

NAS, you're quick....  ;D

 

Thanks, its my day job.

 

I actively try to only post the bare minimum most important vulnerabilities here as it is easy to get carried away. So far the security patching burden in unRAID has been extremely low and with a couple of notable exceptions turn around these days is reasonably good.

 

Long may it continue, i know I appreciate it.

  • Author

It seems that all over the internet, devs are having problems proving or disproving this CVE in real life and there is a worrying trend of PEBKAC and Chinese whispers becoming fact. i.e. nonsense e like "I cant blindly use the  POC therefore the CVE isnt valid".

 

How are we handling this, if/when are we patching it?

 

Edit: I meant to say that there is a valid case for arguing that due to unRAIDs flatter security model we may not need to rush this out but I think we do need an open debate or at least some more timely feedback.

It seems that all over the internet, devs are having problems proving or disproving this CVE in real life and there is a worrying trend of PEBKAC and Chinese whispers becoming fact. i.e. nonsense e like "I cant blindly use the  POC therefore the CVE isnt valid".

 

How are we handling this, if/when are we patching it?

 

Edit: I meant to say that there is a valid case for arguing that due to unRAIDs flatter security model we may not need to rush this out but I think we do need an open debate or at least some more timely feedback.

 

There was a patch submitted upstream for the fix by someone, but until it's merged, we're not touching it.  The Linux kernel/dev team has a process for merging patches like these through mainline, then they backport to stable.  We will follow suit.

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.