Firmware release notes 4.9.2
This article is a stub. Main article: Firmware release notes 4.9.x.
Release name: "Castor" 4.9.2. Release date: October 3rd, 2025.
Improvements
- Updated the license texts on the “About” page of Control Center to match the currently shipped software.
- The Recovery Console is updated to version 2.24.0.
Fixes
Applies to all DSOS players.
- Restoring some configuration files resulted in a "Some error occurred: Internal Server Error" error; as a result, some upgrades from DSOS 4.8.x and earlier versions could lose the player configuration.
- The player could crash on content reloads or display power management events when web layers were being used.
Security
Applies to all DSOS players.
Updated base libraries and components; the main changes are as follows:
- tzdata: updated from 2024b to 2025b, affecting Paraguay and Chile
- apache2: updated from 2.4.62 to 2.4.65, fixing CVE-2024-42516, CVE-2024-47252 and CVE-2025-54090, all of which could affect DSOS, and CVE-2024-43394, CVE-2024-43204, CVE-2025-23048, CVE-2025-49630, CVE-2025-49812, CVE-2025-53020, none of which affected DSOS.
- sqlite3: fixed CVE-2025-7458, CVE-2025-6965, all of which could affect DSOS, and CVE-2025-29088 which did not affect DSOS.
- avahi: fixed CVE-2024-52615, which did not affect DSOS.
- binutils: fixed CVE-2025-7545, CVE-2025-7546, CVE-2025-5244, CVE-2025-5245, CVE-2025-1182, CVE-2025-1180, CVE-2025-1182, CVE-2025-1178, CVE-2025-0840, none of which affected DSOS.
- libxml2: fixed CVE-2025-49794, CVE-2025-49796, CVE-2025-6021, CVE-2025-27113 and CVE-2022-49043, all of which could affect DSOS, and CVE-2025-6170, CVE-2025-32415, CVE-2025-32414, CVE-2025-24928 and CVE-2024-56171, none of which affected DSOS.
- ncurses: fixed CVE-2025-6141, which did not affect DSOS.
- gnupg: fixed CVE-2025-30258, which did not affect DSOS.
- iputils: fixed CVE-2025-48964 and CVE-2025-47268, none of which affected DSOS.
- openssl: upgraded from 3.0.16 to 3.0.17 and fixed CVE-2024-41996, which could affect DSOS.
- coreutils: fixed CVE-2025-5278, which did not affect DSOS.
- curl: fixed CVE-2025-0167 and CVE-2024-11053, none of which affected DSOS.
- libsoup-2.4: fixed CVE-2025-4476, CVE-2025-46421, CVE-2025-2784, CVE-2025-32912, CVE-2025-32911, CVE-2025-32913, CVE-2025-32910, CVE-2025-46420 and CVE-2025-32909, none of which affected DSOS, and CVE-2025-4945, CVE-2025-4948, CVE-2025-32907, CVE-2025-4969, CVE-2025-32053, CVE-2025-32052, CVE-2025-32050, CVE-2025-32914, CVE-2025-32906 and CVE-2024-52532, which affected DSOS.
- net-tools: fixed CVE-2025-46836, which did not affect DSOS.
- glibc: fixed CVE-2025-8058, which could affect DSOS, and CVE-2025-4802, which did not affect DSOS.
- glib-2.0: fixed CVE-2025-4373 and CVE-2025-3360, all of which could affect DSOS.
- openssh: fixed CVE-2025-32728 and CVE-2025-26465, none of which affected DSOS.
- busybox: fixed CVE-2023-39810, which did not affect DSOS.
- freetype: fixed CVE-2025-27363, which affected DSOS.
- zlib: fixed CVE-2014-9485, which did not affect DSOS.
- libtasn1: updated from 4.19.0 to 4.20.0, fixing CVE-2024-12133, which affected DSOS.
- libcap: fixed CVE-2025-1390, which did not affect DSOS.
- gnutls: fixed CVE-2024-12243, CVE-2025-6395, CVE-2025-32988, and CVE-2025-32989, all of which affected DSOS, and CVE-2025-32990, which did not affect DSOS.
- jq: fixed CVE-2024-23337, CVE-2024-53427, CVE-2025-48060, all of which affected DSOS.
Updated base libraries and components; the main changes are as follows:
- intel-microcode: updated from version 20250211 to 20250812, fixing CVE-2025-20109, CVE-2025-22839, CVE-2025-22840, CVE-2025-22889, CVE-2025-24305, CVE-2025-32086, CVE-2025-21090, CVE-2024-28956 and CVE-2025-24495.
- grub2: fixed CVE-2025-0690 and CVE-2024-45775, all of which could affect DSOS, and CVE-2025-1118, CVE-2024-45774, CVE-2024-45776, CVE-2024-45777, CVE-2024-45778, CVE-2024-45779, CVE-2024-45780, CVE-2024-45781, CVE-2024-45782, CVE-2024-56737, CVE-2024-45783, none of which affected DSOS.
- gstreamer1.0-rtsp-server: fixed CVE-2024-44331, which affected DSOS.