Kodi 17.3 released – with critical security exploit fixed.

Kodi logo

May 22, 2017

Update from Kodi: Due to packaging issue after release some add-ons like PVR, visualisation and Inputstream are missing. Also on Ubuntu 14.04 an issue came to light. We will release v17.3 as soon as we can to solve this problem.

May 25, 2017

Sorry for this quick bump to v17.3 however we deemed it necessary. In the previous v17.2 we had a slight issue due to packaging certain binary add-ons like PVR, visualisation and Inputstream. Sadly we only uncovered this too late after release. Additionally on the older distros like Ubuntu 14.04 in combination with the available GCC 4.8 compiler an issue surfaced which we had to fix as well. This v17.3 release fixed both these issues and should be completely working again including the missing add-ons.

Fixes done in this release:

  • Fixed missing binary add-ons on release time
  • Fixed crash on older distros like Ubuntu 14.04 with GCC 4.8 compiler

From previous v17.2 release:

  • Fix selection after channelgroup switching in PVR guide window
  • Fix handling of gaps that caused eradic behaviour in EPG grid
  • Allow backing out of fullscreen pictures by mapping longpress guesture
  • Quick fix for wake up command not being called in PVR power management
  • Use alternative method to check if platform updates have been installed on Windows
  • Set the minimum version in the code which is currently OSX 10.8
  • Fix possible security flaw which could abused .zip files which try to traverse to a parent directory
  • Use the correct ttc font from the video file for subtitles on Windows
  • Detect and delete zero-byte database files which causes crashes

Security

You may have read in the news that malicious subtitle zip files could potentionally infect and harm your media player including Kodi. When Check Point researchers uncovered this flaw they contacted us up front to let us know about this flaw. Our developers fixed this secuity gap and have added the fix to this v17.2 release. As such we highly encourage all users to install this latest version! Any previous Kodi version will not get any security patch. We have began the roll out of this version and Android Play Store as well as Windows Store have this update pending and will roll out as soon as possible. Please be patient if you are using these store versions. Our official download page of course has the regular install files available for the supported platforms.

To be clear this possible vunrability is only present when you first enable a subtitle dowload add-on and then actually download zipped subtitles. Any subtitles that you already have as text file, are embedded in the video stream or are included with you DVD or Blurays are safe.

Only get static noise on Android?

if you have a Android device that only outputs static noise during playback we’d urge you to contact the manufacturer of your device. Recently we saw that Samsung released their Android 7.0 Nougat update for certain phone range that basically has broken audio support. This is something we as Team Kodi are not going to fix as it’s caused by a bug in their firmware. Only option you have is either stay at Kodi v16 or start contacting your device manufacturer and urge them to fix this issue.

Where can I download Kodi?

As alway you can find the official builds on our download page. Then click on the platform of choice and choose release build. You can install these build just on top of your current Kodi installation without doing a reinstall or cleanup as we do a full migration if needed. All you add-ons or installed skin will keep working.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s