Infra upgrades for copy.fail CVE
Baptiste Jonglez
baptiste at bitsofnetworks.org
Mon May 4 15:05:36 PDT 2026
Hi,
The risk of copy.fail on our infra is not very high, but we should patch
anyway. The biggest risks are buildbot workers (they run semi-untrusted
code from the package feeds) and webservices (where any vulnerability
would be escalated to root). I haven't seen any sign of compromise.
I've just upgraded most of our infra with newer kernels with the fix:
- buildbot master
- buildbot workers (except 2 still pending because I/O is a bit slow)
- wiki
- forum
- git
Still pending:
- remaining buildbot workers - in progress
- main download server - planned tomorrow
- other services (firmware selector, sysupgrade server)
- misc infra servers
Baptiste