Given that update9 Uitukka is still in its stabilization period, we decided to roll out the fixes for the recently discovered security vulnerabilities (along with a few others) to your devices while we continue to work with update9. This hotfix update fixes
- Bash vulnerabilities (Shellshock) - CVE-2014-7169, CVE-2014-6271
- NSS vulnerabilities - CVE-2014-1568, CVE-2014-1544, CVE-2014-1491, CVE-2014-1490, CVE-2013-5605, CVE-2013-1739, CVE-2013-1741, CVE-2013-0791
- Also fixed in the browser engine (Mozilla bug #1064636)
- NSPR vulnerabilities - CVE-2014-1545, CVE-2013-5607
Fetch the update
- Working Jolla account configured on your phone
- Charger connected to the phone
- Phone connected to Internet over WLAN or mobile data network.
If you are unable to successfully configure the account, please visit account.jolla.com and try to reset your password.
Users running software version < 18.104.22.168
If your device is running software version lower than 22.214.171.124 and have WareHouse app installed (i.e you are using OpenRepos), disable all openrepo repositories before attempting to upgrade the software of your phone. Else, you risk breaking the device. Read important-steps-to-do-before-updating and how-to-disable-openrepos-repositories posts for more information.
Update the software
If your Jolla is connected to Internet, an OS update notification should pop up shortly. If you just can't wait, you can manually trigger an OS update check as follows:
- Open Settings app
- Go to System > Sailfish OS updates
- Pull down the pulley menu and select 'Check for update'
- Once an OS update notification is received, tap on it and follow the instructions.
Do not reboot the device while the OS update installation is in progress. During the update, the device screen might blank out. You can awaken the display by a short press on the power key to monitor the progress. When the upgrade has completed successfully, you will see the LED light up red before the device restarts.