Security Notifications - aaronwmorris/indi-allsky GitHub Wiki

Overview

This page is dedicated to providing notice for security issues that affect indi-allsky.

Recommended Distributions

The following distributions are recommended if you want a fully security-hardened installation:

  • Debian 12
    • Raspberry Pi OS (bookworm)
  • Debian 11
    • Raspberry Pi OS (bullseye)
  • Ubuntu 22.04
  • Ubuntu 20.04

The following distributions cannot have all Python vulnerabilities fully resolved and should NOT be made Internet facing. Hosting on a home network or behind a firewall should be relatively safe, though.

  • Debian 10
    • Raspberry Pi OS (buster)
    • Astroberry 2.0.4
  • Ubuntu 18.04

Recommended platforms

  • x86_64
    • Intel & AMD
  • aarch64
    • Raspberry Pi 3+
    • Rockchip
    • Orange Pi 3+

32-bit platforms

64-bit platforms have become the de facto standard today, and the Python community appears to be losing interest in supporting 32-bit platforms, especially armv6l and armv7l. Many Python module projects are not providing pre-compiled wheels, or the modules refuse to build on these platforms. Sometimes it is possible to compile the modules from source, but this can take many hours on older, slower SBCs. In many cases, this forces the use of older module versions with known security vulnerabilities. The modules still function as expected; however, running any of these systems exposed to the Internet is not recommended.

armv6l

The armv6l CPUs used in the original Raspberry Pi (v1) and Pi Zero (v1) require special handling. Many ARM 32-bit Python modules appear to be compiled against the armv7l target, which may result in segfaults due to unsupported CPU instructions on armv6l CPUs. The workaround is installing even older Python modules that do not contain the unsupported instructions. These older Python modules will contain security vulnerabilities.

Python 3.7 (Debian/Raspbian 10)

Python 3.7 is end of life as of June 2023. Python modules necessary for indi-allsky have already stopped supporting this Python release, and the functional modules have known security vulnerabilities that cannot be fixed.

Astroberry 2.0.4

Astroberry 2.0.4 is based on Raspbian 10 and runs Python 3.7. It is vulnerable to the issues above.

Python 3.6 (Ubuntu 18)

Ubuntu 18.04 Bionic is end of support as of June 2023. While extended support is available for the distribution, Python 3.6 is end of life as of December 2021. The Python modules required for indi-allsky have stopped supporting Python 3.6 in their latest releases and the functional versions have known security vulnerabilities that cannot be fixed.
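
The lists above can be turned into a pre-exposure host check. The script below is an added example, not part of indi-allsky: it reads /etc/os-release, the machine architecture and the running Python version, and reports every reason from this page why the host should stay off the Internet. The function names and the mapping of the os-release ID "raspbian" onto Debian release numbers are assumptions.

```python
import platform
import sys

# Lists copied from this page; everything else here is an assumption.
RECOMMENDED_OS = {("debian", "12"), ("debian", "11"),
                  ("ubuntu", "22.04"), ("ubuntu", "20.04")}
UNFIXABLE_OS = {("debian", "10"), ("ubuntu", "18.04")}
RECOMMENDED_ARCH = {"x86_64", "aarch64"}
ARCH_32BIT = {"armv6l", "armv7l"}
EOL_PYTHON = {(3, 6), (3, 7)}


def parse_os_release(text):
    """Parse os-release KEY=value lines, dropping comments and quotes."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            fields[key] = value.strip().strip("\"'")
    return fields


def assess(os_release_text, machine, py_version):
    """Return reasons this host should not be Internet facing ([] if none)."""
    fields = parse_os_release(os_release_text)
    distro = fields.get("ID", "").lower()
    if distro == "raspbian":  # assumption: Raspbian uses Debian release numbers
        distro = "debian"
    os_key = (distro, fields.get("VERSION_ID", ""))
    reasons = []
    if os_key in UNFIXABLE_OS:
        reasons.append("distribution %s %s cannot be fully patched" % os_key)
    elif os_key not in RECOMMENDED_OS:
        reasons.append("distribution %s %s is not on the recommended list" % os_key)
    if machine in ARCH_32BIT:
        reasons.append("32-bit platform %s may need older, vulnerable modules" % machine)
    elif machine not in RECOMMENDED_ARCH:
        reasons.append("platform %s is not on the recommended list" % machine)
    if tuple(py_version[:2]) in EOL_PYTHON:
        reasons.append("Python %d.%d is end of life" % tuple(py_version[:2]))
    return reasons


if __name__ == "__main__":
    with open("/etc/os-release") as fh:
        found = assess(fh.read(), platform.machine(), sys.version_info)
    print("\n".join(found) or "matches the recommended lists")
    sys.exit(1 if found else 0)
```

Run it with the same interpreter (or virtualenv) that runs indi-allsky, since the Python check applies to the interpreter executing the script.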