| Next revision | Previous revision Next revisionBoth sides next revision |
| releases:17.01:changelog-17.01.3 [2017/10/02 15:38] – created jow | releases:17.01:changelog-17.01.3 [2017/10/02 16:33] – sort CVEs numerically jow |
|---|
| The changes are chronologically ordered from top to bottom and cover the Git repository history until the tagging of the final 17.01.3 release. | The changes are chronologically ordered from top to bottom and cover the Git repository history until the tagging of the final 17.01.3 release. |
| |
| ==== Build System / Buildroot (4 changes) ==== | ==== Build System / Buildroot (3 changes) ==== |
| ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=a6b5ddfd9b87962365b0bcdfa14f179ed404af43|a6b5ddf]]'' <nowiki>LEDE v17.01.2: revert to branch defaults</nowiki> //<color #ccc>(</color><color #282>+9</color><color #ccc>,</color><color #f00>-11</color><color #ccc>)</color>//\\ | |
| ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=27da508749e038479ceb19435cf2ca548cd5aef8|27da508]]'' **<nowiki>build:</nowiki>** <nowiki>fix kmod package build on non-GNU systems</nowiki> //<color #ccc>(</color><color #282>+1</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\ | ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=27da508749e038479ceb19435cf2ca548cd5aef8|27da508]]'' **<nowiki>build:</nowiki>** <nowiki>fix kmod package build on non-GNU systems</nowiki> //<color #ccc>(</color><color #282>+1</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\ |
| ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=f6907dcc7968a81ebbe75b630dde919468cc8025|f6907dc]]'' **<nowiki>image:</nowiki>** <nowiki>fix ar71xx legacy images</nowiki> //<color #ccc>(</color><color #282>+1</color><color #ccc>)</color>//\\ | ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=f6907dcc7968a81ebbe75b630dde919468cc8025|f6907dc]]'' **<nowiki>image:</nowiki>** <nowiki>fix ar71xx legacy images</nowiki> //<color #ccc>(</color><color #282>+1</color><color #ccc>)</color>//\\ |
| ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=d33f7905dfb39458ff2127237be22a54e806bdc9|d33f790]]'' **<nowiki>treewide:</nowiki>** <nowiki>fix shellscript syntax errors/typos</nowiki> //<color #ccc>(</color><color #282>+10</color><color #ccc>,</color><color #f00>-11</color><color #ccc>)</color>//\\ | ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=d33f7905dfb39458ff2127237be22a54e806bdc9|d33f790]]'' **<nowiki>treewide:</nowiki>** <nowiki>fix shellscript syntax errors/typos</nowiki> //<color #ccc>(</color><color #282>+10</color><color #ccc>,</color><color #f00>-11</color><color #ccc>)</color>//\\ |
| |
| ==== Build System / Feeds (1 change) ==== | |
| ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=a6b5ddfd9b87962365b0bcdfa14f179ed404af43|a6b5ddf]]'' <nowiki>LEDE v17.01.2: revert to branch defaults</nowiki> //<color #ccc>(</color><color #282>+9</color><color #ccc>,</color><color #f00>-11</color><color #ccc>)</color>//\\ | |
| |
| ==== Build System / Host Utilities (1 change) ==== | ==== Build System / Host Utilities (1 change) ==== |
| ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=a881323cb2e78c9f25935f6ae90feaaf5606969e|a881323]]'' **<nowiki>ltq-vdsl-mei:</nowiki>** <nowiki>revert disable optimized firmware download</nowiki> //<color #ccc>(</color><color #282>+2</color><color #ccc>,</color><color #f00>-2</color><color #ccc>)</color>//\\ | ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=a881323cb2e78c9f25935f6ae90feaaf5606969e|a881323]]'' **<nowiki>ltq-vdsl-mei:</nowiki>** <nowiki>revert disable optimized firmware download</nowiki> //<color #ccc>(</color><color #282>+2</color><color #ccc>,</color><color #f00>-2</color><color #ccc>)</color>//\\ |
| |
| ==== Packages / LEDE base files (5 changes) ==== | ==== Packages / LEDE base files (4 changes) ==== |
| ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=a6b5ddfd9b87962365b0bcdfa14f179ed404af43|a6b5ddf]]'' <nowiki>LEDE v17.01.2: revert to branch defaults</nowiki> //<color #ccc>(</color><color #282>+9</color><color #ccc>,</color><color #f00>-11</color><color #ccc>)</color>//\\ | |
| ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=761e6087ed6d2c41a51f4bc5b91539857e324ac7|761e608]]'' **<nowiki>base-files:</nowiki>** <nowiki>fix PKG_CONFIG_DEPENDS to include version.mk entries</nowiki> //<color #ccc>(</color><color #282>+2</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\ | ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=761e6087ed6d2c41a51f4bc5b91539857e324ac7|761e608]]'' **<nowiki>base-files:</nowiki>** <nowiki>fix PKG_CONFIG_DEPENDS to include version.mk entries</nowiki> //<color #ccc>(</color><color #282>+2</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\ |
| ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=889638c8bf3c88d0acae2b756aa97d6160579b35|889638c]]'' **<nowiki>base-files:</nowiki>** <nowiki>don't setup network in preinit if failsafe is disabled</nowiki> //<color #ccc>(</color><color #282>+4</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\ | ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=889638c8bf3c88d0acae2b756aa97d6160579b35|889638c]]'' **<nowiki>base-files:</nowiki>** <nowiki>don't setup network in preinit if failsafe is disabled</nowiki> //<color #ccc>(</color><color #282>+4</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\ |
| ==== Packages / LEDE system userland (5 changes) ==== | ==== Packages / LEDE system userland (5 changes) ==== |
| ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=eff34695104da2d3e960841ff79b1cd590021acd|eff3469]]'' **<nowiki>procd:</nowiki>** <nowiki>backport fixes from master branch</nowiki> //<color #ccc>(</color><color #282>+3</color><color #ccc>,</color><color #f00>-3</color><color #ccc>)</color>//\\ | ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=eff34695104da2d3e960841ff79b1cd590021acd|eff3469]]'' **<nowiki>procd:</nowiki>** <nowiki>backport fixes from master branch</nowiki> //<color #ccc>(</color><color #282>+3</color><color #ccc>,</color><color #f00>-3</color><color #ccc>)</color>//\\ |
| | => ''[[https://git.lede-project.org/?p=project/procd.git;a=commitdiff;h=271622810ee2b2c6bf6127660f395c53f5f87b1c|2716228]]'' **<nowiki>procd:</nowiki>** <nowiki>service gets deleted when its last instance is freed</nowiki> //<color #ccc>(</color><color #282>+5</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\ |
| | => ''[[https://git.lede-project.org/?p=project/procd.git;a=commitdiff;h=889442c237218416d3bb3f633472e1ec3b8c09b5|889442c]]'' **<nowiki>procd:</nowiki>** <nowiki>Add missing \n in debug message</nowiki> //<color #ccc>(</color><color #282>+1</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\ |
| | => ''[[https://git.lede-project.org/?p=project/procd.git;a=commitdiff;h=225b18d22d9f1e47ff99632d038d7777e0763104|225b18d]]'' **<nowiki>procd:</nowiki>** <nowiki>Don't use syslog before its initialization</nowiki> //<color #ccc>(</color><color #282>+1</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\ |
| | => ''[[https://git.lede-project.org/?p=project/procd.git;a=commitdiff;h=5131bec446415a4dd3acb28cf41dec482fe02e24|5131bec]]'' **<nowiki>procd:</nowiki>** <nowiki>Log initscript output prefixed with script name</nowiki> //<color #ccc>(</color><color #282>+3</color><color #ccc>,</color><color #f00>-2</color><color #ccc>)</color>//\\ |
| | => ''[[https://git.lede-project.org/?p=project/procd.git;a=commitdiff;h=cd5225d98cf6b94c15402077cddbc857c70ded90|cd5225d]]'' **<nowiki>procd/rcS:</nowiki>** <nowiki>Use /dev/null as stdin</nowiki> //<color #ccc>(</color><color #282>+6</color><color #ccc>)</color>//\\ |
| | => ''[[https://git.lede-project.org/?p=project/procd.git;a=commitdiff;h=6e8ea8bd3397937188a3931c471d9f3a931b4cb8|6e8ea8b]]'' **<nowiki>rcS:</nowiki>** <nowiki>add missing fcntl.h include</nowiki> //<color #ccc>(</color><color #282>+1</color><color #ccc>)</color>//\\ |
| | => ''[[https://git.lede-project.org/?p=project/procd.git;a=commitdiff;h=22f89e1839c98912827bfd8e01d2390ef1053281|22f89e1]]'' **<nowiki>upgraded:</nowiki>** <nowiki>define __GNU_SOURCE</nowiki> //<color #ccc>(</color><color #282>+2</color><color #ccc>)</color>//\\ |
| | => ''[[https://git.lede-project.org/?p=project/procd.git;a=commitdiff;h=558ffb5cc462b144947b7aa7e78adf062ab4f100|558ffb5]]'' **<nowiki>service/service_stopped():</nowiki>** <nowiki>fix a use-after-free</nowiki> //<color #ccc>(</color><color #282>+1</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\ |
| | => ''[[https://git.lede-project.org/?p=project/procd.git;a=commitdiff;h=6b0da203c0ad0e91e281bdcf271a37ad93ca5b13|6b0da20]]'' **<nowiki>hotplug:</nowiki>** <nowiki>fix a memory leak in handle_button_complete()</nowiki> //<color #ccc>(</color><color #282>+4</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\ |
| | => ''[[https://git.lede-project.org/?p=project/procd.git;a=commitdiff;h=8fd57dd387d30d2e31731fc921e8997bb6f2f5e6|8fd57dd]]'' **<nowiki>upgraded:</nowiki>** <nowiki>cmake: Find and include uloop.h</nowiki> //<color #ccc>(</color><color #282>+2</color><color #ccc>)</color>//\\ |
| | => ''[[https://git.lede-project.org/?p=project/procd.git;a=commitdiff;h=8297c384f1f34f1e77649fabf93be87782fc6063|8297c38]]'' **<nowiki>preinit:</nowiki>** <nowiki>define _GNU_SOURCE</nowiki> //<color #ccc>(</color><color #282>+1</color><color #ccc>)</color>//\\ |
| | => ''[[https://git.lede-project.org/?p=project/procd.git;a=commitdiff;h=89918c8cb78e651ee0922f13a96b7f25fc2f285a|89918c8]]'' **<nowiki>system:</nowiki>** <nowiki>introduce new attribute board_name</nowiki> //<color #ccc>(</color><color #282>+34</color><color #ccc>)</color>//\\ |
| ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=7896d7b81499b9edc6a6fd2ce1a1e3585992a2fe|7896d7b]]'' **<nowiki>fstools:</nowiki>** <nowiki>backport fixes from master branch</nowiki> //<color #ccc>(</color><color #282>+4</color><color #ccc>,</color><color #f00>-60</color><color #ccc>)</color>//\\ | ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=7896d7b81499b9edc6a6fd2ce1a1e3585992a2fe|7896d7b]]'' **<nowiki>fstools:</nowiki>** <nowiki>backport fixes from master branch</nowiki> //<color #ccc>(</color><color #282>+4</color><color #ccc>,</color><color #f00>-60</color><color #ccc>)</color>//\\ |
| | => ''[[https://git.lede-project.org/?p=project/fstools.git;a=commitdiff;h=34d36c29b9d599b0748d49aca8dab2c122633d35|34d36c2]]'' <nowiki>add missing includes</nowiki> //<color #ccc>(</color><color #282>+4</color><color #ccc>)</color>//\\ |
| | => ''[[https://git.lede-project.org/?p=project/fstools.git;a=commitdiff;h=be5004c60e8c5f3b98c1e854d36d7798438ae56c|be5004c]]'' **<nowiki>libfstools:</nowiki>** <nowiki>add basic documentation of mount functions</nowiki> //<color #ccc>(</color><color #282>+15</color><color #ccc>)</color>//\\ |
| | => ''[[https://git.lede-project.org/?p=project/fstools.git;a=commitdiff;h=cddc8306443b4d3941283402a8dba36808fbfa89|cddc830]]'' **<nowiki>libfstools:</nowiki>** <nowiki>silence mkfs.{ext4,f2fs}</nowiki> //<color #ccc>(</color><color #282>+2</color><color #ccc>,</color><color #f00>-2</color><color #ccc>)</color>//\\ |
| | => ''[[https://git.lede-project.org/?p=project/fstools.git;a=commitdiff;h=d36192325756cfada19cccf5f05a94720ec36262|d361923]]'' **<nowiki>build:</nowiki>** <nowiki>disable the format-truncation warning error to fix gcc 7 build errors</nowiki> //<color #ccc>(</color><color #282>+1</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\ |
| | => ''[[https://git.lede-project.org/?p=project/fstools.git;a=commitdiff;h=45c2a6ff74d4d26a29ed2e79f0d65b13a0caee20|45c2a6f]]'' **<nowiki>libfstools:</nowiki>** <nowiki>fix multiple volume_identify usages with the same volume</nowiki> //<color #ccc>(</color><color #282>+3</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\ |
| | => ''[[https://git.lede-project.org/?p=project/fstools.git;a=commitdiff;h=ef2d4387ee99219f1ead6b4c4c19731d436de44b|ef2d438]]'' **<nowiki>fstools:</nowiki>** <nowiki>use -Wno-format-truncation instead of -Wno-error=format-truncation</nowiki> //<color #ccc>(</color><color #282>+1</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\ |
| | => ''[[https://git.lede-project.org/?p=project/fstools.git;a=commitdiff;h=bdcb075fafdac0bfe3207c23f64acd58432bad86|bdcb075]]'' **<nowiki>libfstools:</nowiki>** <nowiki>fix matching device name</nowiki> //<color #ccc>(</color><color #282>+2</color><color #ccc>,</color><color #f00>-3</color><color #ccc>)</color>//\\ |
| ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=82b20d74cbdde4065a8a991696e56c7c0ea120e1|82b20d7]]'' **<nowiki>procd:</nowiki>** <nowiki>backport kernel watchdog start/stop support</nowiki> //<color #ccc>(</color><color #282>+3</color><color #ccc>,</color><color #f00>-3</color><color #ccc>)</color>//\\ | ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=82b20d74cbdde4065a8a991696e56c7c0ea120e1|82b20d7]]'' **<nowiki>procd:</nowiki>** <nowiki>backport kernel watchdog start/stop support</nowiki> //<color #ccc>(</color><color #282>+3</color><color #ccc>,</color><color #f00>-3</color><color #ccc>)</color>//\\ |
| | => ''[[https://git.lede-project.org/?p=project/procd.git;a=commitdiff;h=4dbf57a63b99f7bcaaf40679140995f80d864004|4dbf57a]]'' **<nowiki>watchdog:</nowiki>** <nowiki>add support for starting/stopping kernel watchdog</nowiki> //<color #ccc>(</color><color #282>+74</color><color #ccc>,</color><color #f00>-18</color><color #ccc>)</color>//\\ |
| ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=66b071fa095ef25a234235228b52a18be92fe1aa|66b071f]]'' **<nowiki>procd:</nowiki>** <nowiki>update to latest git HEAD</nowiki> //<color #ccc>(</color><color #282>+3</color><color #ccc>,</color><color #f00>-3</color><color #ccc>)</color>//\\ | ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=66b071fa095ef25a234235228b52a18be92fe1aa|66b071f]]'' **<nowiki>procd:</nowiki>** <nowiki>update to latest git HEAD</nowiki> //<color #ccc>(</color><color #282>+3</color><color #ccc>,</color><color #f00>-3</color><color #ccc>)</color>//\\ |
| => ''[[https://git.lede-project.org/?p=project/procd.git;a=commitdiff;h=3e68cdfdc5221d2a9268e9b30fbd474ea20b92f8|3e68cdf]]'' **<nowiki>procd:</nowiki>** <nowiki>Do not leak pipe file descriptors to children</nowiki> //<color #ccc>(</color><color #282>+3</color><color #ccc>)</color>//\\ | => ''[[https://git.lede-project.org/?p=project/procd.git;a=commitdiff;h=3e68cdfdc5221d2a9268e9b30fbd474ea20b92f8|3e68cdf]]'' **<nowiki>procd:</nowiki>** <nowiki>Do not leak pipe file descriptors to children</nowiki> //<color #ccc>(</color><color #282>+3</color><color #ccc>)</color>//\\ |
| |
| ===== Addressed bugs ===== | ===== Addressed bugs ===== |
| === #7 === | |
| **Description:** <nowiki>hostapd fails to start if automatic channel selection is set</nowiki>\\ | |
| **Link:** [[https://bugs.lede-project.org/index.php?do=details&task_id=7]]\\ | |
| **Commits:**\\ | |
| ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=e08b8255ec41946ed80f77dd551e93af9de01cb9|e08b825]]'' **<nowiki>ramips:</nowiki>** <nowiki>fix wps button gpio for DWR-512</nowiki> //<color #ccc>(</color><color #282>+1</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\ | |
| \\ | |
| === #577 === | === #577 === |
| **Description:** <nowiki>Poweroff command hand Geode system instead of switch off.</nowiki>\\ | **Description:** <nowiki>Poweroff command hand Geode system instead of switch off.</nowiki>\\ |
| |
| ===== Security fixes ==== | ===== Security fixes ==== |
| === CVE-2017-1000100 === | === CVE-2017-7407 === |
| **Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100]]\\ | **Description:** <nowiki>The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.</nowiki> |
| | |
| | **Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407]]\\ |
| **Commits:**\\ | **Commits:**\\ |
| ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=f483a35f08741ff0ca373236e6ad1d93edb1ba75|f483a35]]'' **<nowiki>curl:</nowiki>** <nowiki>fix security problems</nowiki> //<color #ccc>(</color><color #282>+75</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\ | ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=7ab8bf126ef64f0f8e3bca8385742a0d45185e8f|7ab8bf1]]'' **<nowiki>curl:</nowiki>** <nowiki>fix CVE-2017-7407 and CVE-2017-7468</nowiki> //<color #ccc>(</color><color #282>+430</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\ |
| \\ | \\ |
| === CVE-2017-1000101 === | === CVE-2017-7468 === |
| **Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000101]]\\ | **Description:** <nowiki>** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.</nowiki> |
| | |
| | **Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7468]]\\ |
| **Commits:**\\ | **Commits:**\\ |
| ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=f483a35f08741ff0ca373236e6ad1d93edb1ba75|f483a35]]'' **<nowiki>curl:</nowiki>** <nowiki>fix security problems</nowiki> //<color #ccc>(</color><color #282>+75</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\ | ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=7ab8bf126ef64f0f8e3bca8385742a0d45185e8f|7ab8bf1]]'' **<nowiki>curl:</nowiki>** <nowiki>fix CVE-2017-7407 and CVE-2017-7468</nowiki> //<color #ccc>(</color><color #282>+430</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\ |
| \\ | \\ |
| === CVE-2017-1000111 === | === CVE-2017-7508 === |
| **Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000111]]\\ | **Description:** <nowiki>OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet.</nowiki> |
| | |
| | **Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7508]]\\ |
| **Commits:**\\ | **Commits:**\\ |
| ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=4a1b87aba448fae648bf17830379fde11060927b|4a1b87a]]'' **<nowiki>kernel:</nowiki>** <nowiki>update 4.4 to 4.4.83</nowiki> //<color #ccc>(</color><color #282>+44</color><color #ccc>,</color><color #f00>-62</color><color #ccc>)</color>//\\ | ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=57289ae6403d9d03a419337f266194d3ae6909d0|57289ae]]'' **<nowiki>openvpn:</nowiki>** <nowiki>update to 2.4.3</nowiki> //<color #ccc>(</color><color #282>+14</color><color #ccc>,</color><color #f00>-13</color><color #ccc>)</color>//\\ |
| \\ | \\ |
| === CVE-2017-1000112 === | === CVE-2017-7512 === |
| **Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000112]]\\ | **Description:** <nowiki>Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. NOTE: some sources have a typo in which CVE-2017-7512 maps to an OpenVPN vulnerability. The proper CVE ID for that OpenVPN vulnerability is CVE-2017-7521. Specifically, CVE-2017-7521 is the correct CVE ID for TWO closely related findings in OpenVPN. Any source that lists BOTH CVE-2017-7512 and CVE-2017-7521 for OpenVPN should have listed ONLY CVE-2017-7521.</nowiki> |
| | |
| | **Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7512]]\\ |
| | **Commits:**\\ |
| | ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=57289ae6403d9d03a419337f266194d3ae6909d0|57289ae]]'' **<nowiki>openvpn:</nowiki>** <nowiki>update to 2.4.3</nowiki> //<color #ccc>(</color><color #282>+14</color><color #ccc>,</color><color #f00>-13</color><color #ccc>)</color>//\\ |
| | \\ |
| | === CVE-2017-7520 === |
| | **Description:** <nowiki>OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.</nowiki> |
| | |
| | **Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7520]]\\ |
| | **Commits:**\\ |
| | ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=57289ae6403d9d03a419337f266194d3ae6909d0|57289ae]]'' **<nowiki>openvpn:</nowiki>** <nowiki>update to 2.4.3</nowiki> //<color #ccc>(</color><color #282>+14</color><color #ccc>,</color><color #f00>-13</color><color #ccc>)</color>//\\ |
| | \\ |
| | === CVE-2017-7521 === |
| | **Description:** <nowiki>OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().</nowiki> |
| | |
| | **Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7521]]\\ |
| | **Commits:**\\ |
| | ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=57289ae6403d9d03a419337f266194d3ae6909d0|57289ae]]'' **<nowiki>openvpn:</nowiki>** <nowiki>update to 2.4.3</nowiki> //<color #ccc>(</color><color #282>+14</color><color #ccc>,</color><color #f00>-13</color><color #ccc>)</color>//\\ |
| | \\ |
| | === CVE-2017-7522 === |
| | **Description:** <nowiki>OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.</nowiki> |
| | |
| | **Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7522]]\\ |
| | **Commits:**\\ |
| | ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=57289ae6403d9d03a419337f266194d3ae6909d0|57289ae]]'' **<nowiki>openvpn:</nowiki>** <nowiki>update to 2.4.3</nowiki> //<color #ccc>(</color><color #282>+14</color><color #ccc>,</color><color #f00>-13</color><color #ccc>)</color>//\\ |
| | \\ |
| | === CVE-2017-7533 === |
| | **Description:** <nowiki>Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.</nowiki> |
| | |
| | **Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7533]]\\ |
| **Commits:**\\ | **Commits:**\\ |
| ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=4a1b87aba448fae648bf17830379fde11060927b|4a1b87a]]'' **<nowiki>kernel:</nowiki>** <nowiki>update 4.4 to 4.4.83</nowiki> //<color #ccc>(</color><color #282>+44</color><color #ccc>,</color><color #f00>-62</color><color #ccc>)</color>//\\ | ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=4a1b87aba448fae648bf17830379fde11060927b|4a1b87a]]'' **<nowiki>kernel:</nowiki>** <nowiki>update 4.4 to 4.4.83</nowiki> //<color #ccc>(</color><color #282>+44</color><color #ccc>,</color><color #f00>-62</color><color #ccc>)</color>//\\ |
| ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=e232c6754d6e0cbde3892aa1fa243f4707d7ad5e|e232c67]]'' **<nowiki>mbedtls:</nowiki>** <nowiki>update to 2.6.0 CVE-2017-14032</nowiki> //<color #ccc>(</color><color #282>+30</color><color #ccc>,</color><color #f00>-30</color><color #ccc>)</color>//\\ | ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=e232c6754d6e0cbde3892aa1fa243f4707d7ad5e|e232c67]]'' **<nowiki>mbedtls:</nowiki>** <nowiki>update to 2.6.0 CVE-2017-14032</nowiki> //<color #ccc>(</color><color #282>+30</color><color #ccc>,</color><color #f00>-30</color><color #ccc>)</color>//\\ |
| \\ | \\ |
| === CVE-2017-7407 === | === CVE-2017-1000100 === |
| **Description:** <nowiki>The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.</nowiki> | **Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100]]\\ |
| | |
| **Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407]]\\ | |
| **Commits:**\\ | **Commits:**\\ |
| ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=7ab8bf126ef64f0f8e3bca8385742a0d45185e8f|7ab8bf1]]'' **<nowiki>curl:</nowiki>** <nowiki>fix CVE-2017-7407 and CVE-2017-7468</nowiki> //<color #ccc>(</color><color #282>+430</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\ | ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=f483a35f08741ff0ca373236e6ad1d93edb1ba75|f483a35]]'' **<nowiki>curl:</nowiki>** <nowiki>fix security problems</nowiki> //<color #ccc>(</color><color #282>+75</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\ |
| \\ | \\ |
| === CVE-2017-7468 === | === CVE-2017-1000101 === |
| **Description:** <nowiki>** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.</nowiki> | **Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000101]]\\ |
| | |
| **Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7468]]\\ | |
| **Commits:**\\ | **Commits:**\\ |
| ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=7ab8bf126ef64f0f8e3bca8385742a0d45185e8f|7ab8bf1]]'' **<nowiki>curl:</nowiki>** <nowiki>fix CVE-2017-7407 and CVE-2017-7468</nowiki> //<color #ccc>(</color><color #282>+430</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\ | ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=f483a35f08741ff0ca373236e6ad1d93edb1ba75|f483a35]]'' **<nowiki>curl:</nowiki>** <nowiki>fix security problems</nowiki> //<color #ccc>(</color><color #282>+75</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\ |
| \\ | \\ |
| === CVE-2017-7508 === | === CVE-2017-1000111 === |
| **Description:** <nowiki>OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet.</nowiki> | **Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000111]]\\ |
| | |
| **Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7508]]\\ | |
| **Commits:**\\ | **Commits:**\\ |
| ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=57289ae6403d9d03a419337f266194d3ae6909d0|57289ae]]'' **<nowiki>openvpn:</nowiki>** <nowiki>update to 2.4.3</nowiki> //<color #ccc>(</color><color #282>+14</color><color #ccc>,</color><color #f00>-13</color><color #ccc>)</color>//\\ | ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=4a1b87aba448fae648bf17830379fde11060927b|4a1b87a]]'' **<nowiki>kernel:</nowiki>** <nowiki>update 4.4 to 4.4.83</nowiki> //<color #ccc>(</color><color #282>+44</color><color #ccc>,</color><color #f00>-62</color><color #ccc>)</color>//\\ |
| \\ | \\ |
| === CVE-2017-7512 === | === CVE-2017-1000112 === |
| **Description:** <nowiki>Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. NOTE: some sources have a typo in which CVE-2017-7512 maps to an OpenVPN vulnerability. The proper CVE ID for that OpenVPN vulnerability is CVE-2017-7521. Specifically, CVE-2017-7521 is the correct CVE ID for TWO closely related findings in OpenVPN. Any source that lists BOTH CVE-2017-7512 and CVE-2017-7521 for OpenVPN should have listed ONLY CVE-2017-7521.</nowiki> | **Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000112]]\\ |
| | |
| **Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7512]]\\ | |
| **Commits:**\\ | |
| ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=57289ae6403d9d03a419337f266194d3ae6909d0|57289ae]]'' **<nowiki>openvpn:</nowiki>** <nowiki>update to 2.4.3</nowiki> //<color #ccc>(</color><color #282>+14</color><color #ccc>,</color><color #f00>-13</color><color #ccc>)</color>//\\ | |
| \\ | |
| === CVE-2017-7520 === | |
| **Description:** <nowiki>OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.</nowiki> | |
| | |
| **Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7520]]\\ | |
| **Commits:**\\ | |
| ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=57289ae6403d9d03a419337f266194d3ae6909d0|57289ae]]'' **<nowiki>openvpn:</nowiki>** <nowiki>update to 2.4.3</nowiki> //<color #ccc>(</color><color #282>+14</color><color #ccc>,</color><color #f00>-13</color><color #ccc>)</color>//\\ | |
| \\ | |
| === CVE-2017-7521 === | |
| **Description:** <nowiki>OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().</nowiki> | |
| | |
| **Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7521]]\\ | |
| **Commits:**\\ | |
| ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=57289ae6403d9d03a419337f266194d3ae6909d0|57289ae]]'' **<nowiki>openvpn:</nowiki>** <nowiki>update to 2.4.3</nowiki> //<color #ccc>(</color><color #282>+14</color><color #ccc>,</color><color #f00>-13</color><color #ccc>)</color>//\\ | |
| \\ | |
| === CVE-2017-7522 === | |
| **Description:** <nowiki>OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.</nowiki> | |
| | |
| **Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7522]]\\ | |
| **Commits:**\\ | |
| ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=57289ae6403d9d03a419337f266194d3ae6909d0|57289ae]]'' **<nowiki>openvpn:</nowiki>** <nowiki>update to 2.4.3</nowiki> //<color #ccc>(</color><color #282>+14</color><color #ccc>,</color><color #f00>-13</color><color #ccc>)</color>//\\ | |
| \\ | |
| === CVE-2017-7533 === | |
| **Description:** <nowiki>Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.</nowiki> | |
| | |
| **Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7533]]\\ | |
| **Commits:**\\ | **Commits:**\\ |
| ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=4a1b87aba448fae648bf17830379fde11060927b|4a1b87a]]'' **<nowiki>kernel:</nowiki>** <nowiki>update 4.4 to 4.4.83</nowiki> //<color #ccc>(</color><color #282>+44</color><color #ccc>,</color><color #f00>-62</color><color #ccc>)</color>//\\ | ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=4a1b87aba448fae648bf17830379fde11060927b|4a1b87a]]'' **<nowiki>kernel:</nowiki>** <nowiki>update 4.4 to 4.4.83</nowiki> //<color #ccc>(</color><color #282>+44</color><color #ccc>,</color><color #f00>-62</color><color #ccc>)</color>//\\ |
| \\ | \\ |