Differences

This shows you the differences between two versions of the page.

releases:17.01:changelog-17.01.3 [2017/10/02 15:38] – created jow
releases:17.01:changelog-17.01.3 [2017/10/02 16:33] – sort CVEs numerically jow
Line 4: Line 4:
 The changes are chronologically ordered from top to bottom and cover the Git repository history until the tagging of the final 17.01.3 release.  The changes are chronologically ordered from top to bottom and cover the Git repository history until the tagging of the final 17.01.3 release. 
  
-==== Build System / Buildroot (changes) ==== +==== Build System / Buildroot (changes) ====
-''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=a6b5ddfd9b87962365b0bcdfa14f179ed404af43|a6b5ddf]]'' <nowiki>LEDE v17.01.2: revert to branch defaults</nowiki> //<color #ccc>(</color><color #282>+9</color><color #ccc>,</color><color #f00>-11</color><color #ccc>)</color>//\\+
 ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=27da508749e038479ceb19435cf2ca548cd5aef8|27da508]]'' **<nowiki>build:</nowiki>** <nowiki>fix kmod package build on non-GNU systems</nowiki> //<color #ccc>(</color><color #282>+1</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\ ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=27da508749e038479ceb19435cf2ca548cd5aef8|27da508]]'' **<nowiki>build:</nowiki>** <nowiki>fix kmod package build on non-GNU systems</nowiki> //<color #ccc>(</color><color #282>+1</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\
 ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=f6907dcc7968a81ebbe75b630dde919468cc8025|f6907dc]]'' **<nowiki>image:</nowiki>** <nowiki>fix ar71xx legacy images</nowiki> //<color #ccc>(</color><color #282>+1</color><color #ccc>)</color>//\\ ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=f6907dcc7968a81ebbe75b630dde919468cc8025|f6907dc]]'' **<nowiki>image:</nowiki>** <nowiki>fix ar71xx legacy images</nowiki> //<color #ccc>(</color><color #282>+1</color><color #ccc>)</color>//\\
 ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=d33f7905dfb39458ff2127237be22a54e806bdc9|d33f790]]'' **<nowiki>treewide:</nowiki>** <nowiki>fix shellscript syntax errors/typos</nowiki> //<color #ccc>(</color><color #282>+10</color><color #ccc>,</color><color #f00>-11</color><color #ccc>)</color>//\\ ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=d33f7905dfb39458ff2127237be22a54e806bdc9|d33f790]]'' **<nowiki>treewide:</nowiki>** <nowiki>fix shellscript syntax errors/typos</nowiki> //<color #ccc>(</color><color #282>+10</color><color #ccc>,</color><color #f00>-11</color><color #ccc>)</color>//\\
- 
-==== Build System / Feeds (1 change) ==== 
-''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=a6b5ddfd9b87962365b0bcdfa14f179ed404af43|a6b5ddf]]'' <nowiki>LEDE v17.01.2: revert to branch defaults</nowiki> //<color #ccc>(</color><color #282>+9</color><color #ccc>,</color><color #f00>-11</color><color #ccc>)</color>//\\ 
  
 ==== Build System / Host Utilities (1 change) ==== ==== Build System / Host Utilities (1 change) ====
Line 63: Line 59:
 ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=a881323cb2e78c9f25935f6ae90feaaf5606969e|a881323]]'' **<nowiki>ltq-vdsl-mei:</nowiki>** <nowiki>revert disable optimized firmware download</nowiki> //<color #ccc>(</color><color #282>+2</color><color #ccc>,</color><color #f00>-2</color><color #ccc>)</color>//\\ ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=a881323cb2e78c9f25935f6ae90feaaf5606969e|a881323]]'' **<nowiki>ltq-vdsl-mei:</nowiki>** <nowiki>revert disable optimized firmware download</nowiki> //<color #ccc>(</color><color #282>+2</color><color #ccc>,</color><color #f00>-2</color><color #ccc>)</color>//\\
  
-==== Packages / LEDE base files (changes) ==== +==== Packages / LEDE base files (changes) ====
-''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=a6b5ddfd9b87962365b0bcdfa14f179ed404af43|a6b5ddf]]'' <nowiki>LEDE v17.01.2: revert to branch defaults</nowiki> //<color #ccc>(</color><color #282>+9</color><color #ccc>,</color><color #f00>-11</color><color #ccc>)</color>//\\+
 ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=761e6087ed6d2c41a51f4bc5b91539857e324ac7|761e608]]'' **<nowiki>base-files:</nowiki>** <nowiki>fix PKG_CONFIG_DEPENDS to include version.mk entries</nowiki> //<color #ccc>(</color><color #282>+2</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\ ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=761e6087ed6d2c41a51f4bc5b91539857e324ac7|761e608]]'' **<nowiki>base-files:</nowiki>** <nowiki>fix PKG_CONFIG_DEPENDS to include version.mk entries</nowiki> //<color #ccc>(</color><color #282>+2</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\
 ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=889638c8bf3c88d0acae2b756aa97d6160579b35|889638c]]'' **<nowiki>base-files:</nowiki>** <nowiki>don't setup network in preinit if failsafe is disabled</nowiki> //<color #ccc>(</color><color #282>+4</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\ ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=889638c8bf3c88d0acae2b756aa97d6160579b35|889638c]]'' **<nowiki>base-files:</nowiki>** <nowiki>don't setup network in preinit if failsafe is disabled</nowiki> //<color #ccc>(</color><color #282>+4</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\
Line 79: Line 74:
 ==== Packages / LEDE system userland (5 changes) ==== ==== Packages / LEDE system userland (5 changes) ====
 ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=eff34695104da2d3e960841ff79b1cd590021acd|eff3469]]'' **<nowiki>procd:</nowiki>** <nowiki>backport fixes from master branch</nowiki> //<color #ccc>(</color><color #282>+3</color><color #ccc>,</color><color #f00>-3</color><color #ccc>)</color>//\\ ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=eff34695104da2d3e960841ff79b1cd590021acd|eff3469]]'' **<nowiki>procd:</nowiki>** <nowiki>backport fixes from master branch</nowiki> //<color #ccc>(</color><color #282>+3</color><color #ccc>,</color><color #f00>-3</color><color #ccc>)</color>//\\
 + => ''[[https://git.lede-project.org/?p=project/procd.git;a=commitdiff;h=271622810ee2b2c6bf6127660f395c53f5f87b1c|2716228]]'' **<nowiki>procd:</nowiki>** <nowiki>service gets deleted when its last instance is freed</nowiki> //<color #ccc>(</color><color #282>+5</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\
 + => ''[[https://git.lede-project.org/?p=project/procd.git;a=commitdiff;h=889442c237218416d3bb3f633472e1ec3b8c09b5|889442c]]'' **<nowiki>procd:</nowiki>** <nowiki>Add missing \n in debug message</nowiki> //<color #ccc>(</color><color #282>+1</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\
 + => ''[[https://git.lede-project.org/?p=project/procd.git;a=commitdiff;h=225b18d22d9f1e47ff99632d038d7777e0763104|225b18d]]'' **<nowiki>procd:</nowiki>** <nowiki>Don't use syslog before its initialization</nowiki> //<color #ccc>(</color><color #282>+1</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\
 + => ''[[https://git.lede-project.org/?p=project/procd.git;a=commitdiff;h=5131bec446415a4dd3acb28cf41dec482fe02e24|5131bec]]'' **<nowiki>procd:</nowiki>** <nowiki>Log initscript output prefixed with script name</nowiki> //<color #ccc>(</color><color #282>+3</color><color #ccc>,</color><color #f00>-2</color><color #ccc>)</color>//\\
 + => ''[[https://git.lede-project.org/?p=project/procd.git;a=commitdiff;h=cd5225d98cf6b94c15402077cddbc857c70ded90|cd5225d]]'' **<nowiki>procd/rcS:</nowiki>** <nowiki>Use /dev/null as stdin</nowiki> //<color #ccc>(</color><color #282>+6</color><color #ccc>)</color>//\\
 + => ''[[https://git.lede-project.org/?p=project/procd.git;a=commitdiff;h=6e8ea8bd3397937188a3931c471d9f3a931b4cb8|6e8ea8b]]'' **<nowiki>rcS:</nowiki>** <nowiki>add missing fcntl.h include</nowiki> //<color #ccc>(</color><color #282>+1</color><color #ccc>)</color>//\\
 + => ''[[https://git.lede-project.org/?p=project/procd.git;a=commitdiff;h=22f89e1839c98912827bfd8e01d2390ef1053281|22f89e1]]'' **<nowiki>upgraded:</nowiki>** <nowiki>define __GNU_SOURCE</nowiki> //<color #ccc>(</color><color #282>+2</color><color #ccc>)</color>//\\
 + => ''[[https://git.lede-project.org/?p=project/procd.git;a=commitdiff;h=558ffb5cc462b144947b7aa7e78adf062ab4f100|558ffb5]]'' **<nowiki>service/service_stopped():</nowiki>** <nowiki>fix a use-after-free</nowiki> //<color #ccc>(</color><color #282>+1</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\
 + => ''[[https://git.lede-project.org/?p=project/procd.git;a=commitdiff;h=6b0da203c0ad0e91e281bdcf271a37ad93ca5b13|6b0da20]]'' **<nowiki>hotplug:</nowiki>** <nowiki>fix a memory leak in handle_button_complete()</nowiki> //<color #ccc>(</color><color #282>+4</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\
 + => ''[[https://git.lede-project.org/?p=project/procd.git;a=commitdiff;h=8fd57dd387d30d2e31731fc921e8997bb6f2f5e6|8fd57dd]]'' **<nowiki>upgraded:</nowiki>** <nowiki>cmake: Find and include uloop.h</nowiki> //<color #ccc>(</color><color #282>+2</color><color #ccc>)</color>//\\
 + => ''[[https://git.lede-project.org/?p=project/procd.git;a=commitdiff;h=8297c384f1f34f1e77649fabf93be87782fc6063|8297c38]]'' **<nowiki>preinit:</nowiki>** <nowiki>define _GNU_SOURCE</nowiki> //<color #ccc>(</color><color #282>+1</color><color #ccc>)</color>//\\
 + => ''[[https://git.lede-project.org/?p=project/procd.git;a=commitdiff;h=89918c8cb78e651ee0922f13a96b7f25fc2f285a|89918c8]]'' **<nowiki>system:</nowiki>** <nowiki>introduce new attribute board_name</nowiki> //<color #ccc>(</color><color #282>+34</color><color #ccc>)</color>//\\
 ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=7896d7b81499b9edc6a6fd2ce1a1e3585992a2fe|7896d7b]]'' **<nowiki>fstools:</nowiki>** <nowiki>backport fixes from master branch</nowiki> //<color #ccc>(</color><color #282>+4</color><color #ccc>,</color><color #f00>-60</color><color #ccc>)</color>//\\ ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=7896d7b81499b9edc6a6fd2ce1a1e3585992a2fe|7896d7b]]'' **<nowiki>fstools:</nowiki>** <nowiki>backport fixes from master branch</nowiki> //<color #ccc>(</color><color #282>+4</color><color #ccc>,</color><color #f00>-60</color><color #ccc>)</color>//\\
 + => ''[[https://git.lede-project.org/?p=project/fstools.git;a=commitdiff;h=34d36c29b9d599b0748d49aca8dab2c122633d35|34d36c2]]'' <nowiki>add missing includes</nowiki> //<color #ccc>(</color><color #282>+4</color><color #ccc>)</color>//\\
 + => ''[[https://git.lede-project.org/?p=project/fstools.git;a=commitdiff;h=be5004c60e8c5f3b98c1e854d36d7798438ae56c|be5004c]]'' **<nowiki>libfstools:</nowiki>** <nowiki>add basic documentation of mount functions</nowiki> //<color #ccc>(</color><color #282>+15</color><color #ccc>)</color>//\\
 + => ''[[https://git.lede-project.org/?p=project/fstools.git;a=commitdiff;h=cddc8306443b4d3941283402a8dba36808fbfa89|cddc830]]'' **<nowiki>libfstools:</nowiki>** <nowiki>silence mkfs.{ext4,f2fs}</nowiki> //<color #ccc>(</color><color #282>+2</color><color #ccc>,</color><color #f00>-2</color><color #ccc>)</color>//\\
 + => ''[[https://git.lede-project.org/?p=project/fstools.git;a=commitdiff;h=d36192325756cfada19cccf5f05a94720ec36262|d361923]]'' **<nowiki>build:</nowiki>** <nowiki>disable the format-truncation warning error to fix gcc 7 build errors</nowiki> //<color #ccc>(</color><color #282>+1</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\
 + => ''[[https://git.lede-project.org/?p=project/fstools.git;a=commitdiff;h=45c2a6ff74d4d26a29ed2e79f0d65b13a0caee20|45c2a6f]]'' **<nowiki>libfstools:</nowiki>** <nowiki>fix multiple volume_identify usages with the same volume</nowiki> //<color #ccc>(</color><color #282>+3</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\
 + => ''[[https://git.lede-project.org/?p=project/fstools.git;a=commitdiff;h=ef2d4387ee99219f1ead6b4c4c19731d436de44b|ef2d438]]'' **<nowiki>fstools:</nowiki>** <nowiki>use -Wno-format-truncation instead of -Wno-error=format-truncation</nowiki> //<color #ccc>(</color><color #282>+1</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\
 + => ''[[https://git.lede-project.org/?p=project/fstools.git;a=commitdiff;h=bdcb075fafdac0bfe3207c23f64acd58432bad86|bdcb075]]'' **<nowiki>libfstools:</nowiki>** <nowiki>fix matching device name</nowiki> //<color #ccc>(</color><color #282>+2</color><color #ccc>,</color><color #f00>-3</color><color #ccc>)</color>//\\
 ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=82b20d74cbdde4065a8a991696e56c7c0ea120e1|82b20d7]]'' **<nowiki>procd:</nowiki>** <nowiki>backport kernel watchdog start/stop support</nowiki> //<color #ccc>(</color><color #282>+3</color><color #ccc>,</color><color #f00>-3</color><color #ccc>)</color>//\\ ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=82b20d74cbdde4065a8a991696e56c7c0ea120e1|82b20d7]]'' **<nowiki>procd:</nowiki>** <nowiki>backport kernel watchdog start/stop support</nowiki> //<color #ccc>(</color><color #282>+3</color><color #ccc>,</color><color #f00>-3</color><color #ccc>)</color>//\\
 + => ''[[https://git.lede-project.org/?p=project/procd.git;a=commitdiff;h=4dbf57a63b99f7bcaaf40679140995f80d864004|4dbf57a]]'' **<nowiki>watchdog:</nowiki>** <nowiki>add support for starting/stopping kernel watchdog</nowiki> //<color #ccc>(</color><color #282>+74</color><color #ccc>,</color><color #f00>-18</color><color #ccc>)</color>//\\
 ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=66b071fa095ef25a234235228b52a18be92fe1aa|66b071f]]'' **<nowiki>procd:</nowiki>** <nowiki>update to latest git HEAD</nowiki> //<color #ccc>(</color><color #282>+3</color><color #ccc>,</color><color #f00>-3</color><color #ccc>)</color>//\\ ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=66b071fa095ef25a234235228b52a18be92fe1aa|66b071f]]'' **<nowiki>procd:</nowiki>** <nowiki>update to latest git HEAD</nowiki> //<color #ccc>(</color><color #282>+3</color><color #ccc>,</color><color #f00>-3</color><color #ccc>)</color>//\\
  => ''[[https://git.lede-project.org/?p=project/procd.git;a=commitdiff;h=3e68cdfdc5221d2a9268e9b30fbd474ea20b92f8|3e68cdf]]'' **<nowiki>procd:</nowiki>** <nowiki>Do not leak pipe file descriptors to children</nowiki> //<color #ccc>(</color><color #282>+3</color><color #ccc>)</color>//\\  => ''[[https://git.lede-project.org/?p=project/procd.git;a=commitdiff;h=3e68cdfdc5221d2a9268e9b30fbd474ea20b92f8|3e68cdf]]'' **<nowiki>procd:</nowiki>** <nowiki>Do not leak pipe file descriptors to children</nowiki> //<color #ccc>(</color><color #282>+3</color><color #ccc>)</color>//\\
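Review bot: the expanded procd backport list now shows "service/service_stopped(): fix a use-after-free" (558ffb5), a memory-safety fix that appears only as a sub-item of "backport fixes from master branch". The Security fixes section of this page is organised by CVE heading, so a fix without a CVE is not surfaced there. Consider calling this one out explicitly so readers deciding whether to upgrade see it.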
Line 191: Line 206:
  
 ===== Addressed bugs ===== ===== Addressed bugs =====
-=== #7 === 
-**Description:** <nowiki>hostapd fails to start if automatic channel selection is set</nowiki>\\ 
-**Link:** [[https://bugs.lede-project.org/index.php?do=details&task_id=7]]\\ 
-**Commits:**\\ 
-''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=e08b8255ec41946ed80f77dd551e93af9de01cb9|e08b825]]'' **<nowiki>ramips:</nowiki>** <nowiki>fix wps button gpio for DWR-512</nowiki> //<color #ccc>(</color><color #282>+1</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\ 
-\\ 
 === #577 === === #577 ===
 **Description:** <nowiki>Poweroff command hand Geode system instead of switch off.</nowiki>\\ **Description:** <nowiki>Poweroff command hand Geode system instead of switch off.</nowiki>\\
Line 266: Line 275:
  
 ===== Security fixes ==== ===== Security fixes ====
-=== CVE-2017-1000100 === +=== CVE-2017-7407 === 
-**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100]]\\+**Description:** <nowiki>The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.</nowiki> 
 + 
 +**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407]]\\
 **Commits:**\\ **Commits:**\\
-''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=f483a35f08741ff0ca373236e6ad1d93edb1ba75|f483a35]]'' **<nowiki>curl:</nowiki>** <nowiki>fix security problems</nowiki> //<color #ccc>(</color><color #282>+75</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\+''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=7ab8bf126ef64f0f8e3bca8385742a0d45185e8f|7ab8bf1]]'' **<nowiki>curl:</nowiki>** <nowiki>fix CVE-2017-7407 and CVE-2017-7468</nowiki> //<color #ccc>(</color><color #282>+430</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\
 \\ \\
-=== CVE-2017-1000101 === +=== CVE-2017-7468 === 
-**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000101]]\\+**Description:** <nowiki>** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided.</nowiki> 
 + 
 +**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7468]]\\
 **Commits:**\\ **Commits:**\\
-''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=f483a35f08741ff0ca373236e6ad1d93edb1ba75|f483a35]]'' **<nowiki>curl:</nowiki>** <nowiki>fix security problems</nowiki> //<color #ccc>(</color><color #282>+75</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\+''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=7ab8bf126ef64f0f8e3bca8385742a0d45185e8f|7ab8bf1]]'' **<nowiki>curl:</nowiki>** <nowiki>fix CVE-2017-7407 and CVE-2017-7468</nowiki> //<color #ccc>(</color><color #282>+430</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\
 \\ \\
-=== CVE-2017-1000111 === +=== CVE-2017-7508 === 
-**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000111]]\\+**Description:** <nowiki>OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet.</nowiki> 
 + 
 +**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7508]]\\
 **Commits:**\\ **Commits:**\\
-''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=4a1b87aba448fae648bf17830379fde11060927b|4a1b87a]]'' **<nowiki>kernel:</nowiki>** <nowiki>update 4.4 to 4.4.83</nowiki> //<color #ccc>(</color><color #282>+44</color><color #ccc>,</color><color #f00>-62</color><color #ccc>)</color>//\\+''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=57289ae6403d9d03a419337f266194d3ae6909d0|57289ae]]'' **<nowiki>openvpn:</nowiki>** <nowiki>update to 2.4.3</nowiki> //<color #ccc>(</color><color #282>+14</color><color #ccc>,</color><color #f00>-13</color><color #ccc>)</color>//\\
 \\ \\
-=== CVE-2017-1000112 === +=== CVE-2017-7512 === 
-**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000112]]\\+**Description:** <nowiki>Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. NOTE: some sources have a typo in which CVE-2017-7512 maps to an OpenVPN vulnerability. The proper CVE ID for that OpenVPN vulnerability is CVE-2017-7521. Specifically, CVE-2017-7521 is the correct CVE ID for TWO closely related findings in OpenVPN. Any source that lists BOTH CVE-2017-7512 and CVE-2017-7521 for OpenVPN should have listed ONLY CVE-2017-7521.</nowiki> 
 + 
 +**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7512]]\\ 
 +**Commits:**\\ 
 +''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=57289ae6403d9d03a419337f266194d3ae6909d0|57289ae]]'' **<nowiki>openvpn:</nowiki>** <nowiki>update to 2.4.3</nowiki> //<color #ccc>(</color><color #282>+14</color><color #ccc>,</color><color #f00>-13</color><color #ccc>)</color>//\\ 
 +\\ 
 +=== CVE-2017-7520 === 
 +**Description:** <nowiki>OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.</nowiki> 
 + 
 +**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7520]]\\ 
 +**Commits:**\\ 
 +''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=57289ae6403d9d03a419337f266194d3ae6909d0|57289ae]]'' **<nowiki>openvpn:</nowiki>** <nowiki>update to 2.4.3</nowiki> //<color #ccc>(</color><color #282>+14</color><color #ccc>,</color><color #f00>-13</color><color #ccc>)</color>//\\ 
 +\\ 
 +=== CVE-2017-7521 === 
 +**Description:** <nowiki>OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().</nowiki> 
 + 
 +**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7521]]\\ 
 +**Commits:**\\ 
 +''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=57289ae6403d9d03a419337f266194d3ae6909d0|57289ae]]'' **<nowiki>openvpn:</nowiki>** <nowiki>update to 2.4.3</nowiki> //<color #ccc>(</color><color #282>+14</color><color #ccc>,</color><color #f00>-13</color><color #ccc>)</color>//\\ 
 +\\ 
 +=== CVE-2017-7522 === 
 +**Description:** <nowiki>OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.</nowiki> 
 + 
 +**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7522]]\\ 
 +**Commits:**\\ 
 +''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=57289ae6403d9d03a419337f266194d3ae6909d0|57289ae]]'' **<nowiki>openvpn:</nowiki>** <nowiki>update to 2.4.3</nowiki> //<color #ccc>(</color><color #282>+14</color><color #ccc>,</color><color #f00>-13</color><color #ccc>)</color>//\\ 
 +\\ 
 +=== CVE-2017-7533 === 
 +**Description:** <nowiki>Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.</nowiki> 
 + 
 +**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7533]]\\
 **Commits:**\\ **Commits:**\\
 ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=4a1b87aba448fae648bf17830379fde11060927b|4a1b87a]]'' **<nowiki>kernel:</nowiki>** <nowiki>update 4.4 to 4.4.83</nowiki> //<color #ccc>(</color><color #282>+44</color><color #ccc>,</color><color #f00>-62</color><color #ccc>)</color>//\\ ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=4a1b87aba448fae648bf17830379fde11060927b|4a1b87a]]'' **<nowiki>kernel:</nowiki>** <nowiki>update 4.4 to 4.4.83</nowiki> //<color #ccc>(</color><color #282>+44</color><color #ccc>,</color><color #f00>-62</color><color #ccc>)</color>//\\
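Review bot: the CVE-2017-7512 entry on the added side still credits the openvpn 2.4.3 update (57289ae), but its own description says the ID belongs to Red Hat 3scale and that "Any source that lists BOTH CVE-2017-7512 and CVE-2017-7521 for OpenVPN should have listed ONLY CVE-2017-7521." CVE-2017-7521 is already listed against the same commit, so drop the 7512 entry instead of re-sorting it. Two smaller points in the same hunk: the CVE-2017-7468 description is only the "** RESERVED **" placeholder and says nothing about the curl issue, and the context heading "===== Security fixes ====" has unbalanced markers compared with "===== Addressed bugs =====".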
Line 938: Line 983:
 ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=e232c6754d6e0cbde3892aa1fa243f4707d7ad5e|e232c67]]'' **<nowiki>mbedtls:</nowiki>** <nowiki>update to 2.6.0 CVE-2017-14032</nowiki> //<color #ccc>(</color><color #282>+30</color><color #ccc>,</color><color #f00>-30</color><color #ccc>)</color>//\\ ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=e232c6754d6e0cbde3892aa1fa243f4707d7ad5e|e232c67]]'' **<nowiki>mbedtls:</nowiki>** <nowiki>update to 2.6.0 CVE-2017-14032</nowiki> //<color #ccc>(</color><color #282>+30</color><color #ccc>,</color><color #f00>-30</color><color #ccc>)</color>//\\
 \\ \\
-=== CVE-2017-7407 === +=== CVE-2017-1000100 === 
-**Description:** <nowiki>The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.</nowiki> +**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000100]]\\
- +
-**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7407]]\\+
 **Commits:**\\ **Commits:**\\
-''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=7ab8bf126ef64f0f8e3bca8385742a0d45185e8f|7ab8bf1]]'' **<nowiki>curl:</nowiki>** <nowiki>fix CVE-2017-7407 and CVE-2017-7468</nowiki> //<color #ccc>(</color><color #282>+430</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\+''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=f483a35f08741ff0ca373236e6ad1d93edb1ba75|f483a35]]'' **<nowiki>curl:</nowiki>** <nowiki>fix security problems</nowiki> //<color #ccc>(</color><color #282>+75</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\
 \\ \\
-=== CVE-2017-7468 === +=== CVE-2017-1000101 === 
-**Description:** <nowiki>** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided.</nowiki> +**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000101]]\\
- +
-**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7468]]\\+
 **Commits:**\\ **Commits:**\\
-''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=7ab8bf126ef64f0f8e3bca8385742a0d45185e8f|7ab8bf1]]'' **<nowiki>curl:</nowiki>** <nowiki>fix CVE-2017-7407 and CVE-2017-7468</nowiki> //<color #ccc>(</color><color #282>+430</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\+''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=f483a35f08741ff0ca373236e6ad1d93edb1ba75|f483a35]]'' **<nowiki>curl:</nowiki>** <nowiki>fix security problems</nowiki> //<color #ccc>(</color><color #282>+75</color><color #ccc>,</color><color #f00>-1</color><color #ccc>)</color>//\\
 \\ \\
-=== CVE-2017-7508 === +=== CVE-2017-1000111 === 
-**Description:** <nowiki>OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet.</nowiki> +**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000111]]\\
- +
-**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7508]]\\+
 **Commits:**\\ **Commits:**\\
-''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=57289ae6403d9d03a419337f266194d3ae6909d0|57289ae]]'' **<nowiki>openvpn:</nowiki>** <nowiki>update to 2.4.3</nowiki> //<color #ccc>(</color><color #282>+14</color><color #ccc>,</color><color #f00>-13</color><color #ccc>)</color>//\\+''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=4a1b87aba448fae648bf17830379fde11060927b|4a1b87a]]'' **<nowiki>kernel:</nowiki>** <nowiki>update 4.4 to 4.4.83</nowiki> //<color #ccc>(</color><color #282>+44</color><color #ccc>,</color><color #f00>-62</color><color #ccc>)</color>//\\
 \\ \\
-=== CVE-2017-7512 === +=== CVE-2017-1000112 === 
-**Description:** <nowiki>Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. NOTE: some sources have a typo in which CVE-2017-7512 maps to an OpenVPN vulnerability. The proper CVE ID for that OpenVPN vulnerability is CVE-2017-7521. Specifically, CVE-2017-7521 is the correct CVE ID for TWO closely related findings in OpenVPN. Any source that lists BOTH CVE-2017-7512 and CVE-2017-7521 for OpenVPN should have listed ONLY CVE-2017-7521.</nowiki> +**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000112]]\\
- +
-**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7512]]\\ +
-**Commits:**\\ +
-''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=57289ae6403d9d03a419337f266194d3ae6909d0|57289ae]]'' **<nowiki>openvpn:</nowiki>** <nowiki>update to 2.4.3</nowiki> //<color #ccc>(</color><color #282>+14</color><color #ccc>,</color><color #f00>-13</color><color #ccc>)</color>//\\ +
-\\ +
-=== CVE-2017-7520 === +
-**Description:** <nowiki>OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.</nowiki> +
- +
-**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7520]]\\ +
-**Commits:**\\ +
-''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=57289ae6403d9d03a419337f266194d3ae6909d0|57289ae]]'' **<nowiki>openvpn:</nowiki>** <nowiki>update to 2.4.3</nowiki> //<color #ccc>(</color><color #282>+14</color><color #ccc>,</color><color #f00>-13</color><color #ccc>)</color>//\\ +
-\\ +
-=== CVE-2017-7521 === +
-**Description:** <nowiki>OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().</nowiki> +
- +
-**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7521]]\\ +
-**Commits:**\\ +
-''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=57289ae6403d9d03a419337f266194d3ae6909d0|57289ae]]'' **<nowiki>openvpn:</nowiki>** <nowiki>update to 2.4.3</nowiki> //<color #ccc>(</color><color #282>+14</color><color #ccc>,</color><color #f00>-13</color><color #ccc>)</color>//\\ +
-\\ +
-=== CVE-2017-7522 === +
-**Description:** <nowiki>OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.</nowiki> +
- +
-**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7522]]\\ +
-**Commits:**\\ +
-''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=57289ae6403d9d03a419337f266194d3ae6909d0|57289ae]]'' **<nowiki>openvpn:</nowiki>** <nowiki>update to 2.4.3</nowiki> //<color #ccc>(</color><color #282>+14</color><color #ccc>,</color><color #f00>-13</color><color #ccc>)</color>//\\ +
-\\ +
-=== CVE-2017-7533 === +
-**Description:** <nowiki>Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.</nowiki> +
- +
-**Link:** [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7533]]\\+
 **Commits:**\\ **Commits:**\\
 ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=4a1b87aba448fae648bf17830379fde11060927b|4a1b87a]]'' **<nowiki>kernel:</nowiki>** <nowiki>update 4.4 to 4.4.83</nowiki> //<color #ccc>(</color><color #282>+44</color><color #ccc>,</color><color #f00>-62</color><color #ccc>)</color>//\\ ''[[https://git.lede-project.org/?p=source.git;a=commitdiff;h=4a1b87aba448fae648bf17830379fde11060927b|4a1b87a]]'' **<nowiki>kernel:</nowiki>** <nowiki>update 4.4 to 4.4.83</nowiki> //<color #ccc>(</color><color #282>+44</color><color #ccc>,</color><color #f00>-62</color><color #ccc>)</color>//\\
 \\ \\
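Review bot: the four entries moved to the end of the list (CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000111, CVE-2017-1000112) carry only **Link:** and **Commits:** lines, while every CVE-2017-7xxx entry in this hunk also has a **Description:**. Add a description to each so the entries can be assessed without following the link. This matters most for the curl pair, whose only commit is titled "fix security problems".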
  • Last modified: 2017/10/03 12:36
  • by stintel