LEDE v17.01.2 Changelog
This changelog lists all commits done in LEDE since the v17.01.1 tag, grouped by subsystem. The changes are chronologically ordered from top to bottom and cover the Git repository history until the tagging of the final 17.01.2 release.
Build System / Buildroot (7 changes)
7ee0937
feeds: add option to force feed update despite modified files (+26,-9)
37cf921
build: fix symlinked .config handling (+1,-1)
dbaaeae
image.mk: Generate cpiogz with root-owned files (+1,-1)
a44d7bf
build: fix possible issue with kmod package having multiple AutoLoad's (+12,-9)
4053c4f
include/toplevel: set env GIT_ASKPASS=/bin/true (+1)
65eec8b
build: ensure that flock is available for make download (+1,-1)
2da512e
LEDE v17.01.2: adjust config defaults (+11,-9)
Build System / Feeds (1 change)
2da512e
LEDE v17.01.2: adjust config defaults (+11,-9)
Build System / Host Utilities (2 changes)
dfe2cea
firmware-utils: tplink-safeloader: add support for Archer C5 V2 (+34)
f709597
automake: import upstream fix for perl 5.26 (+30)
Build System / Image Builder (1 change)
379155d
imagebuilder: fix bundling of DTS sources (+3,-2)
Build System / Toolchain (1 change)
dfecce6
toolchain/gdb: update to version 7.12.1 (+2,-2)
Kernel (7 changes)
1ab4126
kernel: use skb_cow_head() to deal with cloned skbs (+267)
3bfe7ee
generic: keep module aliases inside .modinfo (+4,-12)
215c1d0
kernel: update kernel 4.4 to 4.4.69 (+143,-474)
9c2bd3d
backlight-pwm: fix module description (+1,-1)
2f92622
kernel: fix autoloading arch-specific modules (+9,-9)
e02b12c
kernel: update kernel 4.4 to 4.4.70 (+7,-7)
4fbd072
kernel: update kernel 4.4 to 4.4.71 (+5,-5)
Packages / Common (29 changes)
449880e
busybox: Move libresolv detection to LEDE Makefile (+6,-18)
5feb4f0
busybox: fix build of nslookup_lede applet without IPv6 (#728) (+33,-9)
72fcdb6
openssl: Use mkhash for STAMP_CONFIGURED (+1,-1)
a2ee9b7
busybox: nslookup_lede: fix compatibility with v1.25 (+7,-6)
fe0b171
busybox: nslookup_lede: mimic output format of old Busybox applet (+61,-22)
ae0e167
busybox: revert accidential version bump (+1,-1)
d8cfeba
dnsmasq: support dhcp_option config as a list (+22,-4)
bc58099
openvpn: move list of params and bools to a separate file (+205,-30)
98491a9
openvpn: add extra respawn parameters (+3)
d40e2ef
OpenVPN: Update to 2.4.1 (+12,-20)
53e751e
openvpn: add myself as maintainer (+1,-1)
aba1b3c
openvpn: update to v2.4.2 (+2,-2)
da4992f
om-watchdog: cleanup Makefile (-8)
38367c5
om-watchdog: cosmetic code style fixes (+31,-31)
9423cf3
om-watchdog: add support for Teltonika RUT5xx (ramips) (+10,-1)
1165c0a
umdns: update to the version 2017-05-22 (+3,-3)
⇒ 64f78f1
Rename mdns_hostname variable to the umdns_host_label (+15,-8)
⇒ ff09d9a
Rename service_name function to the service_instance_name (+13,-4)
⇒ 920c62a
Store instance name in the struct service (+7,-5)
⇒ 26ce7dc
Allow filtering with instance name in service_reply (+9,-6)
⇒ 49fdb9f
Support PTR queries for a specific service (+12,-9)
⇒ 0e8b948
Support specifying instance name in JSON file (+8,-2)
51db1f5
samba: fix CVE-2017-7494 (+33,-4)
dd19a41
dropbear: bump to 2017.75 (+13,-17)
d179aa8
util-linux: fix build with uclibc (+24)
d1a0fc3
binutils: fix build with host gcc < 4.9 (+1.3K)
e194e1b
hostapd: add legacy_rates option to disable 802.11b data rates. (+20,-8)
4bd3b8f
mac80211, hostapd: always explicitly set beacon interval (+10,-9)
22478bf
samba: bump PKG_RELEASE (+1,-1)
78edfff
dnsmasq: don't point --resolv-file to default location unconditionally (+3,-3)
ebf46d2
dnsmasq: use logical interface name for dhcp relay config (+2,-1)
9e20cc5
dnsmasq: make tftp root if not existing (+1,-1)
cdfc678
dnsmasq: bump to 2.77 (+22,-393)
e78a641
umdns: remove superfluous include in init script (-2)
8a42d4d
mwlwifi: update to version 10.3.4.0 / 2017-06-06 (+3,-3)
⇒ 5fac04c
Upgrade 88W8964 firmware to 9.1.2.5. ()
⇒ 7b96b8a
Modification of the code to load firmware 9.1.2.5. (+1.0K)
⇒ f834af0
Re-architecture mwlwifi. (+2.5K,-2.1K)
⇒ 618bbc0
Change driver version to 10.3.4.0-20170216. (+1,-1)
⇒ ce31432
Added draft version for new data path. (+2.5K,-313)
⇒ 25b90b1
Added debugfs "ratetable" to get rate table. (+392,-116)
⇒ ca699af
Connected rx antenna setting for 88W8964. (+20,-5)
⇒ 87b163f
Fixed problem: restart mwlwifi to let AP work. (+11,-4)
⇒ 374afe9
Added functions to check/dump arp/icmp packet. (+285,-124)
⇒ 7b07491
Corrected receive sequence number for slow data. (+34,-21)
⇒ 6457434
Added code to bypass duplicate check of mac80211. (+3,-13)
⇒ 80e1a1a
Added code to bypass ampdu reorder of mac80211. (+4,-2)
⇒ a7cb7ca
Added code to ack (re)assoc resp immediately. (+22,-1)
⇒ 217ad84
Won't reset sequence number of Tx BA stream. (+60,-11)
⇒ ef239c5
Fixed problem: iperf Tx can't work. (+76,-69)
⇒ 12185a6
Fixed problem: "wifi up" will destroy data path. (+64,-68)
⇒ + 31 more...
Packages / Firmware (1 change)
0e31ce7
ath10k-firmware: do not select the qca988x by default (-1)
Packages / LEDE base files (5 changes)
0c8f726
base-files: implement ucidef_set_hostname(), ucidef_set_ntpserver() (+20)
524ed50
base-files: always set proto passed to _ucidef_set_interface() (+1,-1)
df4363b
base-files: network.sh: properly report local IPv6 addresses (+14,-18)
e5db08e
base-files: network.sh: fix a number of IPv6 logic flaws (+48,-17)
2da512e
LEDE v17.01.2: adjust config defaults (+11,-9)
Packages / LEDE network userland (3 changes)
c266641
odhcpd: update to version 2017-04-21 (+3,-3)
⇒ adc8f62
dhcpv6-ia: create assignment for unknown IA in rebind messages (+9,-4)
⇒ 4e579c4
dhcpv6-ia: simplify logic to write statefile and dhcpv6 logging (+165,-123)
⇒ 570069d
ubus: rework dumping IPv6 and IPv4 leases (+73,-49)
503e496
odhcpd: update to version 2017-04-28 (FS#595) (+3,-3)
⇒ c0e9dbf
ubus: don't segfault when there're no leases (+3,-3)
⇒ a54afb5
dhcpv6-ia: Fix segfault when writing DHCPv4 leases in state file (+1,-1)
⇒ 7dff5b4
ndp: fix wrong interface name in syslog message (+2,-2)
⇒ 2b3355f
ndp: fix adding proxy neighbor entries (+4,-4)
⇒ 9268ca6
ndp: don't trigger IPv6 ping when neighbor entry is invalid (+1,-22)
757353c
firewall: resync with master (+4,-4)
Packages / LEDE system userland (6 changes)
2bc8d5e
ubox: bump to version 2017-03-10 (+3,-3)
⇒ acc48b5
kmodloader: Fix typo in error message (+1,-1)
⇒ db070f1
ubox: Fix some memory leaks (+10,-4)
⇒ 8488bb5
ubox: Initialize conditionally uninitialized variabled (+15,-8)
⇒ eacc426
kmodloader: remove redundant glob wildcard char (+1,-1)
⇒ 46a4b5f
kmodloader: log to kmsg when loading directories of modules (+4,-2)
⇒ a62c946
kmodloader: modprobe: skip possible command line arguments (+9,-2)
⇒ 9371411
kmodloader: fix out-of-bound access when parsing .modinfo (+6,-2)
⇒ 6e3c6dc
kmodloader: add module alias awareness (+129,-23)
⇒ 14839f0
kmodloader: make insert_module() idempotent (+4,-1)
⇒ f8d3d16
ubox: Add an option for more accurate timestamps in log (+21,-4)
⇒ ac2d43e
kmodloader: support '-q' quiet option (+29,-10)
⇒ fce9382
cmake: Check for getrandom system call (+11,-4)
⇒ 8973576
kmodloader: fix not being able to find some modules (+7,-4)
⇒ c553354
cmake: fix typo (+1,-1)
⇒ 3dc78a4
kmodloader: don't store aliases info in struct module (+4,-28)
⇒ 21a4bd0
kmodloader: modprobe: return 0 for loaded modules (+1,-1)
⇒ + 1 more...
e200c66
rpcd: Explicitly link with lcrypt (+2)
0bef8f8
fstools: backport regression fix for volume_identify (+57)
7c1e588
usbmode: Update to latest HEAD (+3,-3)
⇒ 8a47c4b
add TargetClass support (+11)
⇒ 2769852
cmake: Find libubox/blobmsg_json.h (+3)
⇒ 61fdf7e
cmake: Search for libjson-c (+2,-1)
⇒ 22f041e
Extend StandardEject sequence to include LUN 1 (+6)
4baf0ea
usbmode: update to latest version (+3,-3)
⇒ 453da8e
convert-modeswitch.pl: fix message indices (+1,-1)
fe5e343
usbmode: update usb-modeswitch-data to 20170205 (+2,-2)
Target / apm821xx (1 change)
e02b12c
kernel: update kernel 4.4 to 4.4.70 (+7,-7)
Target / ar71xx (8 changes)
3dbc417
ar71xx: add TP-LINK TL-WR841N/ND v12 image (+7,-1)
1d1935b
ar71xx: fix minor syntax error in /lib/upgrade/platform.sh (+1,-1)
58ec566
ar71xx: select ATH79_NVRAM only by boards actually use it (+5,-4)
8011215
ar71xx: enable nand-utils in the mikrotik subtarget to ensure it makes it to ... (+4,-2)
215c1d0
kernel: update kernel 4.4 to 4.4.69 (+143,-474)
a412350
ar71xx: fix GE interface support in Wallys DR344 (+8,-30)
21a7e40
ar71xx: set GE interface as wan by default in Wallys DR344 (+1,-1)
b1257d8
ar71xx: fix Wallys DR344 GPIO-connected LEDs and button (+33,-10)
Target / bcm53xx (5 changes)
ad145e0
bcm53xx: prepare for building Archer C5 V2 image (+9)
3ff31f8
bcm53xx: parepare for building more Linksys images (+16,-1)
9437fbb
bcm53xx: backport BCM5301X patches (+975,-2)
d1e0cc8
bcm53xx: backport DT patches for serial, thermal and MDIO (+288,-1)
74100f3
bcm53xx: add support for TP-LINK Archer C5 V2 (+36,-2)
Target / brcm2708 (2 changes)
215c1d0
kernel: update kernel 4.4 to 4.4.69 (+143,-474)
e02b12c
kernel: update kernel 4.4 to 4.4.70 (+7,-7)
Target / brcm63xx (3 changes)
bf534e4
brcm63xx: Add Observa VH4032N support (+193)
d90ff22
brcm63xx: fix invalid Asmax AR 1004g DTS reference (+1,-1)
215c1d0
kernel: update kernel 4.4 to 4.4.69 (+143,-474)
Target / cns3xxx (1 change)
105d5b6
cns3xxx: use proper macro's for ID handling (+3,-3)
Target / ipq806x (4 changes)
bc0de27
ipq806x: fix EA8500 switch configuration (+1,-1)
215c1d0
kernel: update kernel 4.4 to 4.4.69 (+143,-474)
784ceba
treewide: select ath10k firmware explicit (+1,-1)
20198f7
ipq806x: fix Netgear X4 R7500 ath10k firmware selection (+1,-1)
Target / lantiq (6 changes)
d49920e
lantiq: fix avm fritz box mac addresses (+17,-9)
215c1d0
kernel: update kernel 4.4 to 4.4.69 (+143,-474)
254bf79
lantiq: xrx200: use vlan for ethernet wan port (+9,-39)
4186d73
lantiq: use the P2812HNUF* wan port as wan (+1,-1)
36ccbbd
lantiq: select kmod-mt7603 instead of kmod-mt76 for WBMR-300HPD (+1,-1)
bf6216e
lantiq: fix broadcasts and vlans in two iface mode (+6,-5)
Target / mediatek (1 change)
215c1d0
kernel: update kernel 4.4 to 4.4.69 (+143,-474)
Target / oxnas (1 change)
215c1d0
kernel: update kernel 4.4 to 4.4.69 (+143,-474)
Target / ramips (24 changes)
9117ef8
ramips: update DEVICE_PACKAGES for Ubiquiti EdgeRouter X (+1,-1)
dbd2212
ramips: WN3000RPv3: do not setup switch (+1)
26f07f6
ramips: fixed sms led polarity into dwr-512 DT (+1,-1)
0f3c2d0
ramips: Clean duplicated status property for Omega2 WMAC in dtsi (-4)
846457f
ramips: fix mac address of miwifi-mini (+5,-1)
1aee42c
ramips: add support for Netgear WN3000RPv3 (+163,-2)
85bca2d
ramips: correct keenetic-series switch index (+1,-1)
9494825
ramips: ZyXEL Keenetic Omni align factory images (+2,-2)
a12655a
ramips: ZyXEL Keenetic series update wan mac (+3,-1)
0405851
ramips: fix EX2700 wireless mac (+11,-13)
a666236
ramips: add ip17xx support to WLI-TX4-AG300N (+1)
5b2624d
ramips: ZyXEL Keenetic Viva: export gpio usb power (+11)
fd693bc
ramips: ZyXEL Keenetic Viva: align factory images (+1,-1)
28d6265
ramips: ZyXEL Keenetic Omni/Omni2: export gpio usb power (+22)
6aa0a85
ramips: remove DT pcie nodes for GL-MT300A/N (-26)
f1f0b92
ramips: cleanup SPI flash device tree properties usage (+6,-116)
88cc06a
ramips: remove Planex CS-QR10 sound device tree node (-11)
7e2ad9c
ramips: fix Sercomm NA930 compatible string (+1,-1)
49ce6d0
ramips: add support for Sanlinking D240 (+175)
8b9f7bd
ramips: WN3000RPv3: do not setup switch (-1)
79cd141
ramips: enable ramdisk for mt7621 (+1,-1)
8619683
ramips: add factory firmware for Tp-Link C20i/C50 (+4)
7f3ec01
ramips: fixup-mac-address: add missing include (+1)
4bd98e9
ramips: add om-watchdog to rut5xx DEVICE_PACKAGES (+1)
Target / sunxi (1 change)
215c1d0
kernel: update kernel 4.4 to 4.4.69 (+143,-474)
Target / x86 (3 changes)
af1d1eb
x86: enable 4G high memory support for generic (32bit) subtarget (+8,-3)
b78bcdf
x86: disable X2APIC support for legacy subtargets (+2)
443d705
Add missing APU1 reference to x86 board.d (+2,-2)
Wireless / Common (10 changes)
a972879
ath: do not apply broken power limits with ATH_USER_REGD (+44,-12)
5ac51ad
ath9k: fix power limits on init (+47)
ceefe61
mac80211: add rt2x00 debug symbols to PKG_CONFIG_DEPENDS (+2)
4314646
rt2x00: mt7620: yet another beauty session (+524,-171)
ab7087e
rt2x00: mt7620: make fixes requested upstream (+674,-170)
5b91d2b
mac80211: rt2x00: import upstream changes and rebase our patches (+1.7K,-189)
820a396
mac80211: rt2x00: fix MT7620 LNA gain and VCO-after-ALC (+88)
64fa4ea
mac80211: rt2800: fix mt7620 vco calibration registers (+50)
eb11207
mac80211: rt2800: fix mt7620 E2 channel registers (+41)
4bd3b8f
mac80211, hostapd: always explicitly set beacon interval (+10,-9)
Addressed bugs
#285
Description: Kernel panic on ebox-3300 (Vortex86DX CPU)
Link: https://bugs.lede-project.org/index.php?do=details&task_id=285
Commits:
b78bcdf
x86: disable X2APIC support for legacy subtargets (+2)
#359
Description: kirkwood: kernel does not recognize rootfs in ubi
Link: https://bugs.lede-project.org/index.php?do=details&task_id=359
Commits:
a666236
ramips: add ip17xx support to WLI-TX4-AG300N (+1)
#548
Description: firewall3: Timezone problems, UTC used always despite UTC Time not checked
Link: https://bugs.lede-project.org/index.php?do=details&task_id=548
Commits:
757353c
firewall: resync with master (+4,-4)
#572
Description: OpenSSL STAMP_CONFIGURED can lead to filename too long
Link: https://bugs.lede-project.org/index.php?do=details&task_id=572
Commits:
72fcdb6
openssl: Use mkhash for STAMP_CONFIGURED (+1,-1)
#595
Description: odhcpd in relay mode floods network with NS packets
Link: https://bugs.lede-project.org/index.php?do=details&task_id=595
Commits:
503e496
odhcpd: update to version 2017-04-28 (FS#595) (+3,-3)
⇒ c0e9dbf
ubus: don't segfault when there're no leases (+3,-3)
⇒ a54afb5
dhcpv6-ia: Fix segfault when writing DHCPv4 leases in state file (+1,-1)
⇒ 7dff5b4
ndp: fix wrong interface name in syslog message (+2,-2)
⇒ 2b3355f
ndp: fix adding proxy neighbor entries (+4,-4)
⇒ 9268ca6
ndp: don't trigger IPv6 ping when neighbor entry is invalid (+1,-22)
#619
Description: mac80211: AP+11s VIFs broken
Link: https://bugs.lede-project.org/index.php?do=details&task_id=619
Commits:
4bd3b8f
mac80211, hostapd: always explicitly set beacon interval (+10,-9)
#640
Description: Undocumented / unnamed firewall rules installed by default
Link: https://bugs.lede-project.org/index.php?do=details&task_id=640
Commits:
757353c
firewall: resync with master (+4,-4)
#658
Description: umdns init error during build
Link: https://bugs.lede-project.org/index.php?do=details&task_id=658
Commits:
e78a641
umdns: remove superfluous include in init script (-2)
#684
Description: bug in kmod-can
Link: https://bugs.lede-project.org/index.php?do=details&task_id=684
Commits:
2bc8d5e
ubox: bump to version 2017-03-10 (+3,-3)
⇒ acc48b5
kmodloader: Fix typo in error message (+1,-1)
⇒ db070f1
ubox: Fix some memory leaks (+10,-4)
⇒ 8488bb5
ubox: Initialize conditionally uninitialized variabled (+15,-8)
⇒ eacc426
kmodloader: remove redundant glob wildcard char (+1,-1)
⇒ 46a4b5f
kmodloader: log to kmsg when loading directories of modules (+4,-2)
⇒ a62c946
kmodloader: modprobe: skip possible command line arguments (+9,-2)
⇒ 9371411
kmodloader: fix out-of-bound access when parsing .modinfo (+6,-2)
⇒ 6e3c6dc
kmodloader: add module alias awareness (+129,-23)
⇒ 14839f0
kmodloader: make insert_module() idempotent (+4,-1)
⇒ f8d3d16
ubox: Add an option for more accurate timestamps in log (+21,-4)
⇒ ac2d43e
kmodloader: support '-q' quiet option (+29,-10)
⇒ fce9382
cmake: Check for getrandom system call (+11,-4)
⇒ 8973576
kmodloader: fix not being able to find some modules (+7,-4)
⇒ c553354
cmake: fix typo (+1,-1)
⇒ 3dc78a4
kmodloader: don't store aliases info in struct module (+4,-28)
⇒ 21a4bd0
kmodloader: modprobe: return 0 for loaded modules (+1,-1)
⇒ + 1 more...
#728
Description: BusyBox/nslookup_lede compile error when build without IPV6 support
Link: https://bugs.lede-project.org/index.php?do=details&task_id=728
Commits:
5feb4f0
busybox: fix build of nslookup_lede applet without IPv6 (#728) (+33,-9)
#745
Description: kmod-crypto-sha256 unknown symbols
Link: https://bugs.lede-project.org/index.php?do=details&task_id=745
Commits:
2f92622
kernel: fix autoloading arch-specific modules (+9,-9)
#754
Description: BenNanoNote hostname setting broken?
Link: https://bugs.lede-project.org/index.php?do=details&task_id=754
Commits:
0c8f726
base-files: implement ucidef_set_hostname(), ucidef_set_ntpserver() (+20)
#758
Description: factory image for ubnt er-x missing
Link: https://bugs.lede-project.org/index.php?do=details&task_id=758
Commits:
79cd141
ramips: enable ramdisk for mt7621 (+1,-1)
#766
Description: Intermittent SIGSEGV crash of dnsmasq-full
Link: https://bugs.lede-project.org/index.php?do=details&task_id=766
Commits:
cdfc678
dnsmasq: bump to 2.77 (+22,-393)
#774
Description: fixup-mac-address script is broken
Link: https://bugs.lede-project.org/index.php?do=details&task_id=774
Commits:
7f3ec01
ramips: fixup-mac-address: add missing include (+1)
#806
Description: Does not equal iptables rule not working
Link: https://bugs.lede-project.org/index.php?do=details&task_id=806
Commits:
757353c
firewall: resync with master (+4,-4)
#811
Description: r4214 - iptables (?) not read properly /etc/config/firewall
Link: https://bugs.lede-project.org/index.php?do=details&task_id=811
Commits:
757353c
firewall: resync with master (+4,-4)
#829
Description: network.sh incorrectly hardcodes IPv6 address suffix
Link: https://bugs.lede-project.org/index.php?do=details&task_id=829
Commits:
df4363b
base-files: network.sh: properly report local IPv6 addresses (+14,-18)
Security fixes
CVE-2017-7478
Description: OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7478
Commits:
aba1b3c
openvpn: update to v2.4.2 (+2,-2)
CVE-2017-7479
Description: OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7479
Commits:
aba1b3c
openvpn: update to v2.4.2 (+2,-2)
CVE-2017-7494
Description: Samba since version 3.5.0 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7494
Commits:
51db1f5
samba: fix CVE-2017-7494 (+33,-4)
CVE-2017-8890
Description: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Commits:
4fbd072
kernel: update kernel 4.4 to 4.4.71 (+5,-5)
CVE-2017-9074
Description: The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Commits:
4fbd072
kernel: update kernel 4.4 to 4.4.71 (+5,-5)
CVE-2017-9075
Description: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Commits:
4fbd072
kernel: update kernel 4.4 to 4.4.71 (+5,-5)
CVE-2017-9076
Description: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Commits:
4fbd072
kernel: update kernel 4.4 to 4.4.71 (+5,-5)
CVE-2017-9077
Description: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Commits:
4fbd072
kernel: update kernel 4.4 to 4.4.71 (+5,-5)
CVE-2017-9078
Description: The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9078
Commits:
dd19a41
dropbear: bump to 2017.75 (+13,-17)
CVE-2017-9079
Description: Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is read with root privileges and symlinks are followed.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9079
Commits:
dd19a41
dropbear: bump to 2017.75 (+13,-17)
CVE-2017-9242
Description: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Commits:
4fbd072
kernel: update kernel 4.4 to 4.4.71 (+5,-5)