Security Bulletin

DavidFW1960 · January 19, 2021, 11:37am

BTW is that a free tool you used there? Do you have a link - I would like to check it out…

keiran.harris · January 19, 2021, 11:38am

Yup >> https://mxtoolbox.com/SuperTool.aspx

cahenning · January 19, 2021, 1:01pm

I tried to update HA to version 2021.1.4. I got a failure message and the following log:
21-01-19 12:54:07 ERROR (SyncWorker_1) [supervisor.docker.interface] Can’t install homeassistant/raspberrypi3-homeassistant:2021.1.4 -> 500 Server Error for http+docker://localhost/v1.40/images/create?tag=2021.1.4&fromImage=homeassistant%2Fraspberrypi3-homeassistant: Internal Server Error (“Get “https://registry-1.docker.io/v2/homeassistant/raspberrypi3-homeassistant/manifests/2021.1.4”: Get “https://auth.docker.io/token?scope=repository%3Ahomeassistant%2Fraspberrypi3-homeassistant%3Apull&service=registry.docker.io”: context deadline exceeded (Client.Timeout exceeded while awaiting headers)”).
What does this mean?

frenck · January 19, 2021, 1:07pm

That can be caused by an outdated version of HassOS, please make sure you are running HassOS 5.10 as well.

cahenning · January 19, 2021, 1:13pm

You are right. My current version is 5.9. But if I try the update to 5.10 I got also a failsure message with the log:
ERROR (MainThread) [supervisor.hassos] Home Assistant Operating System update failed with: signature verification failed: error:2E09A09E:CMS routines:CMS_SignerInfo_verify_content:verification failure

makai · January 19, 2021, 1:16pm

You can update HA OS manually using a USB key. See doc here: https://github.com/home-assistant/operating-system/blob/038f1b4bd69c952769fd020db0eae0f511570d19/Documentation/configuration.md

jo-me · January 19, 2021, 2:10pm

So, if the security issue is only affecting people with HA exposed to the internet/nabucasa, it should’ve been mentioned in the bulletin.

I’m probably not the only one that accesses HA only from within the network or via VPN.

cahenning · January 19, 2021, 2:47pm

Thanks! It works. HA OS is updated. I will try to update the HA Core now.

sender · January 19, 2021, 2:58pm

google seems to “pass” met the results on this “search”, can you give the link to it?

cahenning · January 19, 2021, 3:06pm

…and it also works!

gerard33 · January 19, 2021, 4:18pm

It’s a custom integration and not an addon, you can find it in HACS and here → GitHub - custom-components/authenticated: A platform which allows you to get information about sucessfull logins to Home Assistant.

JD_01 · January 19, 2021, 4:39pm

Doh, should have read on.

danielo515 · January 19, 2021, 4:47pm

Is this supposed to introduce breaking changes? I’m now getting invalid configuration values notifications/errors

frenck · January 19, 2021, 4:48pm

depends on which version you are upgrading from. Breaking changes for each release can be found in the release blogs.

Tinkerer · January 20, 2021, 7:37am

11 posts were split to a new topic: How to fix a malformed database?

samnewman86 · January 19, 2021, 5:21pm

Who said that’s the case?

bschatzow · January 19, 2021, 5:22pm

I am having an issue with the 5.10 update (causes my PI4 to freeze, issue 1119 on github) Since you mention that this may also be a security issue, how can I help to provide more information to try and get this resolved? Looks like a lot of people responding on github with the same problem.
Again, thanks for all you do. It is much appreciated.
Bill

jo-me · January 19, 2021, 6:05pm

Nabu casa blog entry suggests this.
Not sure if intended.

frenck · January 19, 2021, 6:23pm

I’m not mentioning it is a security issue. It said his issue with upgrading can happen on HassOS 5.9. This has no relation to the security bulletin given.

greg_mitch · January 20, 2021, 3:06am

I am on 2020.12.7 and not seeing an update possible. I have reloaded the supervisor and restarted HA. Any other way to make sure I get this update?

Supervisor

Version

2020.12.7

Newest Version

2020.12.7

Channel

stable