Hi,The OpenWrt Community is proud to announce the ninth service release of the stable OpenWrt 18.06 series. OpenWrt 18.06.9 brings security fixes, as well as the usual device support fixes and core components update.
End of support for OpenWrt 18.06This release is the final one for OpenWrt 18.06. You should consider upgrading to a newer version (OpenWrt 19.07 or later)
----- The main highlights of this service release are: Security fixes * Security Advisory 2020-12-09-2 - libuci import heap use after free (CVE-2020-28951) * Security Advisory 2020-12-09-1 - Linux kernel - ICMP rate limiting can be used to facilitate DNS poisoning attack (CVE-2020-25705) * Security Advisory 2020-05-06-2 - relayd out-of-bounds reads of heap data and possible buffer overflow (CVE-2020-11752) * Security Advisory 2020-05-06-1 - umdns out-of-bounds reads of heap data and possible buffer overflow (CVE-2020-11750) * libjson-c: fix out of bounds write vulnerability (CVE-2020-12762) * mac80211: backport some fixes for the Kr00k vulnerability in WPA. It is not clear which wireless driver/firmware combinations could be vulnerable in OpenWrt. These backported patches harden mac80211 just in case.Note: security fixes for most packages can also be applied by upgrading only the affected packages on running devices, without the need for a full firmware upgrade. This can be done with opkg update; opkg upgrade the_package_name or through the LuCI web interface.
Nevertheless, we encourage all users to upgrade their devices to OpenWrt 18.06.9 or a newer major release whenever possible.
Bug fixes * libubox: Fix regression that could cause procd to fail to start or restart some services. This is especially visible as it broke LuCI when upgrading from older 18.06.X releases (FS#3177) * musl: fix locking synchronization bug * kernel: backport out-of-memory fix for non-Ethernet devices * firewall: fix TCP MSS clamping that was only applied on one direction (FS#3231) Device support * brcm63xx: fix BCM6348/BCM6358 hangs while booting (FS#2202) * ipq40xx: fix essedma MAC hang by disabling TCP segmentation offload for IPv6 * ramips: fix USB detection on all rt305x devices * mikrotik: add support for the new ath9k caldata encoding (LZO) found in newer hardware revisions * Various fixes for ZyXEL Keenetic, ZyXEL NBG6616, TP-Link Archer C60 v1/v2, GL.iNet GL-AR750S, Embedded Wireless Dorin, Pirelli A226M-FWB, Arduino Yun Core components update * Linux kernel updated from 4.9.214 to 4.9.243 and from 4.14.171 to 4.14.206 * mbedtls updated from 2.16.4 to 2.16.8 * wireguard updated from 0.0.20190601 to 1.0.20200611 ----- For latest information about the 18.06 series, refer to the wiki at: https://openwrt.org/releases/18.06/ To download the v18.06.9 images, navigate to: https://downloads.openwrt.org/releases/18.06.9/targets/ As always, a big thank you goes to all our active package maintainers, testers, documenters, and supporters. Have fun! The OpenWrt Community
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
