Guest Killhippie Posted July 9, 2018 Share Posted July 9, 2018 I was wondering if the Netduma team will push Netgear to update to the least version of OpenSSL? Currently the XR500 is running 1.0.2n released in Dec 2017 (not bad for Netgear) the latest is 1.0.2o released in March 2018 which patches CVE-2018-0739 I mention this because If left to their own devices Netgear will not fix this on their own. The R7800 is still on version 1.0.2h which is from the 3rd of May 2016 and has many vulnerabilities. Hence my concerns. I assume (hate doing that) Netduma have access to the XR500's GPL source code. If nobody updates the GPL packages ( there are many) Netgear wont, so they need a good swift kick in the Brazil nuts. Voxel on smallnetbuilder is the only other person I know who uses firmware based on stock with updated packages put in place and published on Github and released for download via smallnetbuilder. Netgear just cant be bothered it seems to keep their code up to date. Hence I am hoping Netduma's team can push to keep the XR500 up to date even on Netgears side? Link to comment Share on other sites More sharing options...
Administrators Netduma Fraser Posted July 9, 2018 Administrators Share Posted July 9, 2018 Sure, I'll bring it up this week with the Netgear Development team and see if there is a plan of action for this. Link to comment Share on other sites More sharing options...
Guest Killhippie Posted July 10, 2018 Share Posted July 10, 2018 Sure, I'll bring it up this week with the Netgear Development team and see if there is a plan of action for this. Really glad to hear that, Fraser. Having Netgear keep up to date will probably make your lives easier as you are dealing with the latest GPL code and not some weird out of date code base with more security holes than swiss cheese and also making the security of the router so much better at the same time. Link to comment Share on other sites More sharing options...
Administrators Netduma Fraser Posted July 10, 2018 Administrators Share Posted July 10, 2018 Looks like they've pushed the latest GPL for the next release so you'll have to let me know if thats correct once released. Link to comment Share on other sites More sharing options...
Guest Killhippie Posted July 11, 2018 Share Posted July 11, 2018 Looks like they've pushed the latest GPL for the next release so you'll have to let me know if thats correct once released. okay I shall keep a look out. Netgear sometimes don’t publish the GPL code as fast as they should and on occasion skip it which they shouldn’t do, but I’ll check definitely Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.