Platforms affected:
- OSMC for Raspberry Pi (all models)
- OSMC for Apple TV
- OSMC for Vero (all models)
A vulnerability [1] has been discovered in the Linux kernel’s approach to memory management which could allow an application to access a region of memory that is not allocated to it. The vulnerability is also referred to as Stack Clash.
This vulnerability has now been mitigated and a fix is included in OSMC for all supported platforms.
We recommend you update your device immediately. This can be done by going to My OSMC -> Updates -> Check for Updates. After updating, your system should report OSMC 2017.05-3 as the version in My OSMC.
Although OSMC has a monthly update cycle, OSMC makes critical bug fixes and fixes for security vulnerabilities immediately available. You can learn more about OSMC’s update cycle and about keeping your system up to date here.
[1] CVE-2017-1000364