Jump to content

Welcome to Netduma Forum
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. If you already have an account, login here - otherwise create an account for free today!
Photo

OpenSSL versions update.

Firmware

  • Please log in to reply
4 replies to this topic

#1
Killhippie

Killhippie

    Member

  • Members
  • PipPipPip
  • 133 posts
  • Local time: 02:20 PM
  • LocationUK

I was wondering if the Netduma team will push Netgear to update to the least version of OpenSSL? Currently the XR500 is running 1.0.2n released in Dec 2017 (not bad for Netgear) the latest is 1.0.2o released in March 2018 which patches CVE-2018-0739  I mention this because If left to their own devices Netgear will not fix this on their own. The R7800 is still on version 1.0.2h which is from the 3rd of May 2016 and has many vulnerabilities. Hence my concerns.

 I assume (hate doing that)  Netduma have access to the XR500's GPL source code. If nobody updates the GPL packages ( there are many) Netgear wont, so they need a good swift kick in the Brazil nuts. Voxel on smallnetbuilder is the only other person I know who uses firmware based on stock with updated packages put in place and published on Github and released for download via smallnetbuilder. Netgear just cant be bothered it seems to keep their code up to date. Hence I am hoping Netduma's team can push to keep the XR500 up to date even on Netgears side?



#2
Netduma Fraser

Netduma Fraser

    Tech & Customer Support

  • Administrators
  • 18,854 posts
  • Local time: 02:20 PM

Sure, I'll bring it up this week with the Netgear Development team and see if there is a plan of action for this.


Twitter/Facebook/YouTube/Twitch/Instagram/Steam Group/Discord

 

Official R1 Support Times: 10am - 6pm BST



Official DumaOS/XR500 Support Times: 12pm - Midnight BST



Time Converter

If you're having Settings or Hardware issues with the XR500 please go here and login to get the number for Netgear's 24/7 support line: http://support.netgear.com/


#3
Killhippie

Killhippie

    Member

  • Members
  • PipPipPip
  • 133 posts
  • Local time: 02:20 PM
  • LocationUK

Sure, I'll bring it up this week with the Netgear Development team and see if there is a plan of action for this.

Really glad to hear that, Fraser. Having Netgear keep up to date will probably make your lives easier as you are dealing with the latest GPL code and not some weird out of date code base with more security holes than swiss cheese and also making the security of the router so much better at the same time.  :) 



#4
Netduma Fraser

Netduma Fraser

    Tech & Customer Support

  • Administrators
  • 18,854 posts
  • Local time: 02:20 PM

Looks like they've pushed the latest GPL for the next release so you'll have to let me know if thats correct once released.


Twitter/Facebook/YouTube/Twitch/Instagram/Steam Group/Discord

 

Official R1 Support Times: 10am - 6pm BST



Official DumaOS/XR500 Support Times: 12pm - Midnight BST



Time Converter

If you're having Settings or Hardware issues with the XR500 please go here and login to get the number for Netgear's 24/7 support line: http://support.netgear.com/


#5
Killhippie

Killhippie

    Member

  • Members
  • PipPipPip
  • 133 posts
  • Local time: 02:20 PM
  • LocationUK

Looks like they've pushed the latest GPL for the next release so you'll have to let me know if thats correct once released.

okay I shall keep a look out. Netgear sometimes don’t publish the GPL code as fast as they should and on occasion skip it which they shouldn’t do, but I’ll check definitely





Also tagged with one or more of these keywords: Firmware

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users