[Release Notes] Security Hotfix for Tahkalampi 1.0.8.21 [released]
Given that update9 is still in its stabilization period, we decided to roll out the fixes for the recently discovered security vulnerabilities (along with a few others) to your devices while we continue to work with update9. This hotfix update fixes
- bash vulnerabilities (Shellshock) - CVE-2014-7169, CVE-2014-6271
- NSS vulnerabilities - CVE-2014-1568, CVE-2014-1544, CVE-2014-1491, CVE-2014-1490, CVE-2013-5605, CVE-2013-1739, CVE-2013-1741, CVE-2013-0791
- Also fixed in the browser engine (Mozilla bug #1064636)
- NSPR vulnerabilities - CVE-2014-1545, CVE-2013-5607
Fetch the update
Pre-requisites
- Working Jolla account configured on your device
- Charger connected
- Device connected to WLAN or mobile data network
If you are unable to successfully configure the account, please visit account.jolla.com and try to reset your password.
Users running software version < 1.0.4.20
If your device is running software version lower than 1.0.4.20 and have WareHouse app installed (i.e you are using OpenRepos), disable all openrepo repositories before attempting to upgrade your device. Else, you risk breaking the device. Read important-steps-to-do-before-updating and how-to-disable-openrepos-repositories posts for more information.
Update the software
If your Jolla is connected to internet, an OS update notification should pop up shortly. If you just can't wait, you can manually trigger an OS update check as follows:
- Open Settings app
- Go to System > Sailfish OS updates
- Pull down the pulley menu and select 'Check for update'
- Once an OS update notification is received, tap on it and follow the instructions.
Do not reboot the device while the OS update installation is in progress. During the update, the device screen might blank out. You can awaken the display by a short press on the power key to monitor the progress. When the upgrade has completed successfully, you will see the LED light up red before the device restarts.
sad panda to see that update9 not yet stabilised but thanks for those security holes fixes ;-)
pat_o ( 2014-10-06 17:08:09 +0200 )editAnd this ends my uptime :(
http://imgur.com/BYTwfQt
Waiting for update 9
ApB ( 2014-10-06 17:12:55 +0200 )editAt least a good beginning. So we shouldn't expect update 9 in this week?
juju_des_highlands ( 2014-10-06 17:17:08 +0200 )editThanks! First things first.
kt ( 2014-10-06 17:31:19 +0200 )editDone, thanks! BTW, the revision is still the same (1.0.8.21)
roglio ( 2014-10-06 17:57:58 +0200 )edit