HP plugs 233 security leaks in the Thin Client OS ThinPro

HP supplies ThinPro, a Linux-based operating system for thin clients. The company has now released an update that closes hundreds of security gaps. IT managers should distribute the updates quickly.

HP writes in the security announcement that the severity level is “critical”. Attackers can execute any malicious code, extend rights, paralyze systems and services (Denial of Service, DoS) or read out information without authorization.

Many security vulnerabilities in thin client operating system

HP lists a total of 233 vulnerabilities. Of these, 21 are considered a critical security risk. Most of them affect GStreamer, but libarchive, the Linux kernel and ZBar are also affected by critical vulnerabilities. A further 77 vulnerabilities represent a “high” risk.

HP is plugging the security leaks with the update to HP ThinPro 8.1 SP6. The new software version is supposed to be available for download on the HP website, but the link currently leads nowhere. It should also be possible to download the update with HP ThinUpdate. If necessary, a search for the device model on HP's support page will spit out the updated ThinPro software.

Thin clients are not only supposed to simplify administration and maintenance in companies, but also provide less of a target for online criminals due to their low software configuration. They only partially fulfill this promise, as the necessary update from HP proves. Older thin clients can be given a second lease of life by hobbyists. They are often suitable for DIY projects – However, as the CPU, RAM, and mass storage of these devices cannot usually be upgraded or converted, attention should be paid to suitable equipment. They can then be used as a NAS or converted into an energy-saving firewall.

(dmk)