Rasp­berry Pi gets a fix for Broad­pwn Wi-Fi ex­ploit

OpenSource For You - - Fossbytes -

Days after the re­lease of De­bian 9, the Rasp­berry Foun­da­tion has brought out a new Rasp­bian OS ver­sion. The new up­date, co­de­named Stretch, in­cludes a list of op­ti­mi­sa­tions and fixes a vul­ner­a­bil­ity that had im­pacted sev­eral mo­bile de­vices and sin­gle-board com­put­ers in the past.

Called Broad­pwn, the bug was dis­cov­ered in the firmware of the BCM43xx wire­less chipset in July this year. It af­fected a wide range of hard­ware, in­clud­ing Rasp­berry Pi 3 and Pi Zero

W, as well as var­i­ous iPhone and iPad mod­els. Po­ten­tially, the zero-day vul­ner­a­bil­ity lets an at­tacker take over the wire­less chip and ex­e­cute a ma­li­cious code on it. The Stretch re­lease comes with a patch for the loop­hole to avoid in­stances of any hacks and at­tacks on Rasp­berry Pi.

While the Jessie build had PulseAu­dio to en­able au­dio sup­port over Blue­tooth, the new Rasp­bian re­lease has the bluez-alsa pack­age that works with the pop­u­lar ALSA ar­chi­tec­ture. You can use a plugin to con­tinue to use PulseAu­dio.

The latest ver­sion also has bet­ter han­dling of user­names other than the de­fault ‘pi’ ac­count. Sim­i­larly, desk­top ap­pli­ca­tions that were pre­vi­ously as­sum­ing the ‘pi’ user with pass­word­less sudo ac­cess will now prompt for the pass­word.

Rasp­bian Scratch has ad­di­tion­ally re­ceived an off­line ver­sion of the Scratch 2 with Sense HAT sup­port. Be­sides, there is an im­proved Sonic Pi and an up­dated Chromium Web browser.

The Rasp­berry Pi Foun­da­tion rec­om­mends that users up­date their sin­gle-board com­put­ers us­ing a clean im­age. You can down­load the same from its of­fi­cial site. Al­ter­na­tively, you can up­date your Rasp­berry Pi by mod­i­fy­ing the sources.list and raspi.list files. The man­ual process also re­quires re­nam­ing of the word ‘jessie’ to ‘stretch’.

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.