Tuesday, October 11th 2022
Numerous Security Fixes Implemented for SAMBA, Kernel and Various Plugins in ASUSTOR's Security Investigation
To strengthen protection against malware attacks, ASUSTOR continuously upgrades the ADM system to bring security and safety to users. ASUSTOR recognizes that the spread of malware is an increasingly large problem for data security, and that ransomware resembling Deadbolt is a wake-up call for customers and providers. In light of this, ASUSTOR will increase its commitment to identifying and patching potential vulnerabilities with consistent updates to stay ahead of threats to data.
The latest version of ADM updates Samba, Linux packages and the Linux kernel to strengthen ADM's security for the best customer experience. In addition to updating ADM to fix OS vulnerabilities, third-party portions of the OS have been updated for greater security. While these security updates help keep ADM more secure than it has ever been, making 3-2-1-compliant backups is the only way to ensure data is secure from most practical risks.

New security updates for ADM:
- Updated SAMBA to fix the following vulnerabilities: CVE-2022-32742, CVE-2022-2031, CVE-2022-32744, CVE-2022-32745, CVE-2022-32746.
- Fixed the following Linux kernel vulnerabilities: CVE-2019-18282, CVE-2019-19527, CVE-2019-19532, CVE-2019-19537, CVE-2020-12770, CVE-2021-0605, CVE-2021-20317, CVE-2021-20321, CVE-2021-29154, CVE-2021-29650, CVE-2021-34556, CVE-2021-35477, CVE-2021-3732, CVE-2021-3753, CVE-2021-39633, CVE-2021-39698, CVE-2021-4149, CVE-2021-4203, CVE-2021-45868, CVE-2022-0185, CVE-2022-0330, CVE-2022-0617, CVE-2022-1011, CVE-2022-1048, CVE-2022-1055, CVE-2022-1353, CVE-2022-20008, CVE-2022-27666, CVE-2022-28893, CVE-2022-29582.
- Updated GnuTLS to fix the following vulnerabilities: CVE-2020-24659, CVE-2021-20231, CVE-2021-20232.
- Updated Nettle to fix the following vulnerabilities: CVE-2021-3580, CVE-2021-20305.
- Updated Avahi to fix the following vulnerabilities: CVE-2021-3502, CVE-2021-3468.
10 Comments on Numerous Security Fixes Implemented for SAMBA, Kernel and Various Plugins in ASUSTOR's Security Investigation
Not trying to defend these companies, simply informing about how they operate.
Have a look at QNAP's FreeBSD-based software. My friend was one of the main engineers on that project; he quit because they wouldn't listen to him and decided to use an old OS that they now have to backport everything to. It's a disaster.
That's what I was hinting at in my initial post: Asus haven't suddenly discovered a security miracle, they simply stopped slacking off and did something they should be doing every day.
This isn't even something specific to routers. Any smart device suffers from software neglect, most of the time way worse than your router. I've even read a suggestion to place all "smart" devices on your guest network to give yourself an extra layer of isolation from crappy and exploitable software.
As for companies adamantly insisting on doing the wrong thing because "reasons"... I'm all too familiar with that.
Is this ASUSTOR pushing out firmware with an updated Samba?
Or
Is this Samba putting out the latest or updated version for everyone to use?
Like @TheLostSwede said above, manufacturers use (unnecessarily) customized software, which is hard to maintain. And the further they fall back, the harder it becomes to port various fixes. Add to that people that may leave the project over time and you can start to understand why maintenance is such a nightmare, nobody wants to do it.