[Freifunk-Bonn] Fwd: [SECURITY] Critical vulnerability in Gluon - Bugfix release on Thursday, 2022-05-05
edgar.soldin at web.de
edgar.soldin at web.de
Di Mai 3 21:53:25 CEST 2022
klingt als käme da ein kritisches Gluon Update auf uns zu (s.u.). ist natürlich besonders bitter für ALLE alten Kölner Knoten für die es aktuell KEINE aktualisierte Firmware gibt.
vielleicht findet sich ja aus diesem Anlass Jemand, der da neue Images bauen möchte. als Anhaltspunkt könnten
die akt. Bonner Multidomain Site.conf (Aktuelles Gluon)
https://github.com/ff-kbu/site-ffkbu-multidomain/tree/fastd
und Yanoszs Multidomain Firmware Experiment (Kölner Domain Daten)
https://github.com/edeso/ff-kbu-gluon-build/tree/master/site
dienen.
..sonnige ede
-------- Forwarded Message --------
Subject: [gluon] [SECURITY] Critical vulnerability in Gluon - Bugfix release on Thursday, 2022-05-05
Date: Mon, 2 May 2022 21:22:20 +0200
From: Matthias Schiffer <mschiffer at universe-factory.net>
To: gluon at luebeck.freifunk.net
CC: firmware-devel at freifunk.net, wlanware at freifunk.net
Hi everyone,
we have recently found a critial security vulnerability in Gluon, making a
timely update of all nodes necessary.
The bugfix has not been pushed to the public Gluon repository yet to avoid
disclosing information on this issue. A detailed advisory will be published
at the same time as Gluon 2021.1.2, which will contain the fix.
The release is scheduled for the evening of Thursday, 2022-05-05. As all
previous Gluon releases are affected, we will also provide bugfix backports
for various older release branches that are still in use, regardless of
end-of-life status.
-- NeoRaider
Mehr Informationen über die Mailingliste Freifunk-Bonn