I have been sent an alert from LL , about a exploit which could compromise security of ANY un-patched viewer, suffice to say the details will remain out of public view.
I am however pleased to announce that both me and the other kirsten viewer devs have been very busy people! Please find S21(7a) on the site, download at your earliest opportunity for best protection against this threat.
IF you do not find 7a available for your platform or you use any other viewer, I would suggest using the standard viewer 2 ( which should already be patched as of today ).
Best Wishes, KL
35 Comments
Aww, thank you Kirsten
Im glad to know .. I have been missing money..ty..
thank you Kirsten
see no updates for the SL beta viewer. is it vulnerable or will be patched?
No idea, the problem has been around for a while and is documented but the push may have come because someone may have been using the exploit on the grid . The problem revolves around one of the support libs that viewers are compiled with... needless to say we are all patched so its not a worry for us now
Ok well downloaded new 7a Im still having the problem reported a month ago.. seems all 2.0 viewers react the same. Initially after install viewer pops rt on logs].. after a week it slows down loading world and eventually freezes and crashes saying parcel may have difficulty and or connection to internet.. .. Phenom 945 ati 5450 graphics 8 gig memory. Fiber connection.. Pls does anyone have any idea it renders 2.0 viewers uselessbut never has been a problem with 1.5 series ty for the time Sorry to bring this up but thought it was a AMD prob .. shrugs Im lost..
a follow up If I delete all app roaming and local the viewerworks fine and then it starts all over again slows down at loading world eventually freezes saying parcel probs or internet..
For anyone with mac ... does this viewer log into your account? I'm still having DNS troubles with this viewer and the newest viewer 2.
Simon there's a temp fix on this JIRA jira.secondlife.com..
Just in case the workarounds aren't visible, they are:
Add free google DNS to your network configuration. "System preferences" -> "Network" -> "Advanced..." -> "DNS" -> "+" and type 8.8.8.8 "System preferences" -> "Network" -> "Advanced..." -> "DNS" -> "+" and type 8.8.4.4
It's worked for all the Mac users I've given it to so far. Which is exactly two of you but hey, better than zero!
Increase the Mac count to 3
I got the DNS problem with this new update so big thanks, adding in Google's DNS servers did the trick.
Well, there's a push for updating people to v2 ~chuckle~ Not really, but... ~shrugs~
shoot I'm using build 5 because I'm getting a known but with 6 and up. I'm also having the same issue votslav's reporting. Do we know if this exploit was around in build 5?
I've been back on build 5 because it's the only one that doesn't slow down framerate wise after an indeterminate amount of time. And we're talking from 40fps down to approx 1-2fps.
I have both Beta and Main Linden Viewer 2 also installed on my system, updates set to automatic, and neither has been updated. Have checked the website downloads and they still show the old version numbers. If they've been patched there's no evidence to show it. Will use Live Chat later to ask the Lab what's going on.
Kirsten this is the best update so far! So fast!! No issues at all just a crash at the first log in after the installation which might been my system for some reason, from then all cool. Though, unfortunately you forcing me to use FireStorm because in yours there is no Temp Upload.... Please.. but Please, would you implement that feature in the next update? I'm a content creator and is really frustrating for me to switching viewers all the time I am working on something. Thanks so much for your efforts so far! You simply rock!
The exploit is from a audio codec lib, the CVE (Common Vulnerabilities and Exposures) deployed some time ago, but the way to exploit it on the GRID was defined as "not appliable", yesterday just after few mins after Lee published the post about the release of (07) we received official warning from LL, somebody was quite smart enough to find a way to exploit in the grid...
So we have fixed everything in few time and published (07)a after few hours after the official warning, SL2 is already fixed in dev branch (LL QA approval chain is longer than our one maybe) but a fix is avaiable too. Other viewers was warned at same time of us, i think they're wortking on it. The exploit affect only "old" version of audio codec, is quite dangerous, adding a malicious formatted data into the "stream info" field of a stream can cause the execution of arbitrary code on host machine (like a "format c:" or download&install "something" on your pc and all other your user can do on your box..., another good reason to NOT work as "local administrator", imho).
PS: this is to explian why so hurry to upgrade your viewer, some info are generic to avoid some dumb n00b play to the game "crash the pc of somebody else", everybody quite enough skilled to gather other kind of information for didactical knowledge
@belladonna: Much thanks to you!
I keep crashing with this build on taking snapshots. Second time its happened to me today.
Hypatia give us more info, like video settings and your pc specs
Anyway using the forum for this kind of fix looking may be' usefull bc more used and seen
I've been crashing every 2 pictures I take on the 7 and 7a versions... the viewer just closes whithout any messages. It wasn't happening on the earlier versions. Any ideas?
:)
I mean versions 7 and 7a, rc4a
Does this affect Build 5?
Well, after using it a few days... it's very, very crashy compared to previous RCs and previous versions. To me, the crashes seem to be linked to the new (buggy) flycam code. If I don't use flycam, I'm fine. If I use flycam, I inevitably crash sooner or later. Usually sooner.
I've noticed RC3 was more stable ... the viewer seems to stall sometimes in Windows when exiting etc, weird autopilot issue when attempting to fly, this has been detailed in the forum section.
I think this is a great version, and thanks for patching so quickly KL, but is anyone else having a mass memory leak?
I am currently finding that I need to relog after about 6 hours of being on SL, maybe I never noticed this before or I've missed something but it slows everything to a crawl.
Kirsten viewer S21(7a) ubuntu 10.04
bin/do-not-directly-run-kirstens-s21-bin: error while loading shared libraries: libX11-xcb.so.1: cannot open shared object file: No such file or directory
*** Bad shutdown. ***
Only install libX11-xcb and ready
Loving the new layout by the way
Viewer CANNOT bundle all libraries, a lot should be already present in all standard installation, sometime ubuntu forgot it, i'll write as soon as possible a small howto to check enviroment before install KV
I am not programing saavy like most of you so this is mostly Marsian Language. I get the now and again (malicious bug) from AVG and deal with it and missing and not found software items. I have the choice to turn them off and continue, what is a webkit for anyway? It tells me certain things can't be done because of a missing tool of some sort. I have been having to reload every day to be able to read profiles. I stand on one leg, close an eye and whisper "Please dear Linden God don't make me a wiff of mist that takes 3 hours of combination trys to get my AV back." I eventually crash when going to London every time. The newest update has, for today, allowed me to read profiles. I can't do this with out that ability. Is Linden working on all this? It used to be so simple, who remembers how to quickly manuever in an older viewer? I have at least 5 icons going to a viewer .001+ or - .001 accumulated for everytime I reinstall, back to my still working prior to XL Street Viewer now sold out of business, great viewer though. How or should I be uninstalling somewhere? We used to clear catches, now I can't find anywhere to do this. It tells me while booting that it is bein done? True? I wish I knew of a way to comunicate in a type window with a techi about this, using the (hepl me "other SL customer" gets me into all kinds of trouble and an uneeded lesson in patience. My AV seems to be unable to use any HUD, it goes into a sitting mode every time. Who do I talk to about this? My AV is broke and won't come back no more no more. Whoooo do we less then the above geniuses get to help us? This activity is my only connection to the world, do to my handicaps and the TV news terrifiying. Thanks for letting me vent somewhere. WildMan Parx
Could someone please tell me exactly how to enable to shadows on this viewed in step by step format. Could you please include the location to the various things that must be installed or downloaded aswell? Thanks in advance.
this viewer*
7a is horrible for me, it just closes itself as soon as I login.
Windows 7 64bit AND Linux 32bit - same problem. Which is really odd.
linux kernel 2.6.38-8
Intel Core 2 Quad, 2.8 ghz
nVidia 250s 1gb
4gb of ram
So sad I still can't use 7a, grinds to a halt, gets to the point where I can't even cam. Hopefully the next release will work for me.
Windows 7 64bit
nvidia 9800gtx+
4gb ram
amd athlon 64 x 2 dual core
I am unable to turn shadows on in S21(7), though I did have them enabled in previous versions of Kirsten's. Same laptop, same system, same everything. Is there a way to get the viewer to recognize that the capability is there and un-grey the option for rendering shadows?
Are the older builds safe like your s20 build 45? new viewers aren't working so well..