Update 6/23/2017: There is a fixed version of Debian Security Tracker
And a new version of Raspbain Jessie Jessie Download – but I am still trying to find out if it was compiled with the fixed Debian version.
And still no one has broke into my house, taken physical control of my Raspberry Pi and turned on my lights. Although this affects all Raspberry Pi’s with Debian on them.
Update 6/22/2017: Still no one has broke into my house, gained physical access to my Raspberry Pi and turned on my lights . . . all seems to be well, and not finding any incidences on google searches.
First, if you want to leave all this nonsense behind the best thing to do is create a second network using a second wifi router that is not connected to the internet at all and connect all your raspberry pi’s to it, then make a crazy long password and you only have to watch out for the guy sitting in a lawn chair in your front yard with a laptop and a pirate hat on.
If you still wanted remote access your next step would be to add a IoT OtG hub to the secondary network.
The latest vulnerability is called Stack Clash and it is a Linux vulnerability.
The vulnerability is called Stack Clash
Looks like at this moment a person would have to have physical access to the Raspberry Pi
Looks like Debian has been patched Raspbian has not, looks like it will be easiest to wait for a Raspbian fix, Raspbian adds a lot of extras to Debian
For the oldstable distribution (jessie), this problem has been fixed in version 3.1-2+deb8u1.
Looks like jessie has retired and Stretch is the new version:
For the stable distribution (stretch), this problem has been fixed in version 3.2.1-4.
Looks like the Raspberry Pi 2 uses the ARM hard-float (armhf) computer architecture –
Raspbian is an unofficial port of Debian wheezy armhf with compilation settings adjusted to produce code that uses “hardware floating point”, the “hard float” ABI and will run on the Raspberry Pi.
Raspberry Pi 3 –
Apr 11, 2017 – It contains a 1.2 GHz ARM Cortex-A53 CPU and hence is the first version of the RaspberryPi to support the arm64 architecture.