October 21, 20169 yr http://arstechnica.com/security/2016/10/most-serious-linux-privilege-escalation-bug-ever-is-under-active-exploit/ I know this software isn't really security revolving considering we don't have HTTPS and don't support using in a non trusted environment, but we should probably take this seriously. Sent from my Nexus 6P using Tapatalk
October 21, 20169 yr Does this actually effect us all that much? It says it is a privilege escalation exploit. Since we only have a root user account there are no other unprivileged users on our systems to exploit this from. Or do I misunderstand the nature of the vulnerability? CVE-2016-5195 for reference.
October 21, 20169 yr Doesn't affect unRAID, nevertheless we are preparing 6.2.2 and 6.3.0-rc3 with appropriate patches. Speculation: wonder if it's coincidence: they're saying the "Worlds largest DDoS attack" has occurred on the same day of widespread dissemination of "Most serious Linux privilege-escalation bug ever is under active exploit."
October 22, 20169 yr Agreed, I already commented on the V6.2.1 thread that I'm impressed with the new release strategy, but this exploit being patched I think has set a record! Sent from my LG-H815 using Tapatalk
October 26, 20169 yr Author I greatly appreciate the speed on this fix. I use Wi-Fi and without some other form of auth beyond WPA2 we know nothing is truly secure. I need to get radius or something setup when I'm less lazy. I do have other users on my limetech server, just not privileged. Sent from my Nexus 6P using Tapatalk
Archived
This topic is now archived and is closed to further replies.