Security Alert! All SinoVoip provided OS images insecure!

Just for your information. All OS images provided by SinoVoip for M2+ are affected by a local privileges escalation security flaw that might be remotely exploitable if the board is connected to network/internet: http://forum.armbian.com/index.php/topic/1108-security-alert-for-allwinner-sun8i-h3a83th8/

I informed SinoVoip 3 days ago but as usual they don’t give a shit about fixing things or security in general: https://github.com/BPI-SINOVOIP/BPI-M2P-bsp/issues/1

Only OS image that fixed this security flaw already is Armbian 5.10.

1 Like

note this , thank you .

Great, now action is required. Not only pressing on Like buttons. Updating kernel, updating all OS images, removing outdated crap from download section, start to behave responsibly.

Bye bye

1 Like

There are 2 downloads available, one is Android. This is a developer board and will not ship in the thousands, calm down :sunglasses: take it easy

OK ,we have fixed this issue on our github :slight_smile:

for BPI-M3 update to fixed this issue:

This is not a fix, reasons below: https://github.com/BPI-SINOVOIP/BPI-M3-bsp/issues/10#issuecomment-216756072

When do you start to provide online updates. It’s sooooooooooooo easy and we’ve told you several times. For your users it has to be enough to get the latest and greatest fixes to simply do just an ‘apt-get update/upgrade’ on Debian distros. And on the others provide a script that verifies authenticated installer packages before they are installed.