Hello.
Was reading this article this morning:
"Extremely severe bug leaves dizzying number of software and devices vulnerable | Ars Technica"
http://arstechnica.com/security/2016/02 ... ulnerable/
Was wondering if anyone else had read about it, or whether anyone could comment on how it impacts Amahi?
glibc bug: Amahi impacts?
Re: glibc bug: Amahi impacts?
Yes, we saw that article. Quite alarmist. If you read through it ... you can see that
We do not advice our users to open up their HDA to the wild wild internet, so that makes it such that an attacker would have to have access to the local network to begin with.
For people that open up their ssh or VPN (or web server), this may become an attack vector, though that makes it quite a smaller attack surface.
All in all, it's something we have to watch for. We may release an update that forces a glibc update soon, just to be safe.
Thanks for the post. Keeps us on our toes!
Which is a little less worrying. Since the result is a crash, it's not an immediate code execution risk. For now. It may become an issue later.... weaponized exploits that successfully execute malicious code are "possible, but not straightforward" ...
We do not advice our users to open up their HDA to the wild wild internet, so that makes it such that an attacker would have to have access to the local network to begin with.
For people that open up their ssh or VPN (or web server), this may become an attack vector, though that makes it quite a smaller attack surface.
All in all, it's something we have to watch for. We may release an update that forces a glibc update soon, just to be safe.
Thanks for the post. Keeps us on our toes!
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 8GB RAM, 1TBx2+3TBx1
Re: glibc bug: Amahi impacts?
Yes, agreed 100% on all fronts.Y... Quite alarmist.
... less worrying.
... smaller attack surface.
I felt it probably wasn't a significant risk. Mainly wondered whether there might be something included in the next release of Amahi to address the issue. I expect Fedora will be patched. Having Amahi covered would be great, too.
(Would also be good to know which Amahi apps might be at risk. I guess that may be up to each developer...)
Thanks for your response!
Re: glibc bug: Amahi impacts?
If Fedora gets patched, then Amahi is covered. The exploit would come from the OS.
ßîgƒσστ65
Applications Manager
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2
Applications Manager
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2
Who is online
Users browsing this forum: No registered users and 4 guests