Are you planning to patch this vulnerability?
1 Like
We are checking it, thank you for bringing our attention to this issue.
In the meantime for the CVE-2019-9506, which was mention in that article I was able to find these to sites, which are useful:
https://nvd.nist.gov/vuln/detail/CVE-2019-9506
https://security-tracker.debian.org/tracker/CVE-2019-9506
As you can see from the Debian security tracker, there were some changes in the Linux kernel to mitigate this issue. Those changes were backported to a stable versions of the kernel.
For Turris MOX and for Turris Omnia in Turris OS 4.x release, which runs on OpenWrt 18.06.04:
First changes there were included in kernel 4.14.130, but it was properly fixed in kernel 4.14.133. In the current version of Turris OS 4.0, there is kernel 4.14.137.
Turris OS 3.x release:
It is included in kernel 4.4.185 and in Turris OS 3.11.6, there is a version of kernel 4.4.187.
3 Likes