A vulnerability [1] which could allow remote code execution when downloading subtitles from a remote server has been identified in Kodi. This vulnerability is considered critical.
I have just read about this vulnerability a couple of moments ago and, as a happy user of OSMC, came over to see when you are about to address this. Now even happier that it is sorted out. You are awesome! Thank you!
My OSMC -> Updates -> Check for Updates will upgrade my OSMC to Krypton. How can I apply the security fix without upgrading OSMC? I’m using older version because it’s quite fast on RasPi.
I had to follow these directions on my ATV1. These aren’t mine they were in the ATV section.
if you EVER incorrectly shutdown or reboot your ATV1, the boot partition will become Read-Only.
When that happens, the system will appear to operate normally until you need to update it. When you try updating it, it will fail because you cannot write to a Read-Only partition
***********************************************************
**** Do you have OSMC installed in the internal HDD ? ****
***********************************************************
To enable writing to the boot partition again, you need to ssh into osmc on your ATV1, and run the following commands:
sudo umount /boot
sudo fsck.hfsplus -f /dev/sda1
sudo mount -o force,rw /dev/sda1 /boot
Now that the parition is writable, you need to do the following commands to update the system.
sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot
Your system should then update and reboot.
** Do you have OSMC installed on USB, AND have an internal HDD in the ATV1 ? **
To enable writing to the boot partition again, you need to ssh into osmc on your ATV1, and run the following commands:
sudo umount /boot
sudo fsck.hfsplus -f /dev/sdb1
sudo mount -o force,rw /dev/sdb1 /boot
Now that the parition is writable, you need to do the following commands to update the system.
sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot
To try prevent this from happening in the future, always use the shutdown, and reboot menu within Kodi. (Unfortunately, if the the system ever crashes, or totally freezes forcing you to unplug the power, you will need to fix it again)
Kodi v17.2 has the security fix included.
Kodi v17.3 will come soon, but it’s not needed to secure your device. As long as you have OSMC 2017.04-2 installed, your system is secure from this vulnerability.